Welcome to Saturday Hashtag, a weekly place for broader context.
A new malware campaign is making waves online, not just stealing data, but spying on users, capturing compromising screenshots, and blackmailing them.
Hackers are using a modified version of open-source info-stealer code from GitHub, originally shared for “educational purposes,” and turning it into a powerful extortion tool.
The Malware’s Modus Operandi
Once infected, usually via malicious email, the malware watches browser activity. If it detects adult content, it takes a screenshot, activates the webcam, and saves both for blackmail. Researchers call this built-in feature “porn detection.”
But the malware doesn’t stop there.
It also logs keystrokes, harvests browser cookies, banking and credit card information, and targets cryptocurrency wallets. In contrast to many info-stealers that focus on a specific payload, this malware is indiscriminate, scraping anything and everything it can from the victim’s machine.
Email-Based Delivery Tactics
The infection typically begins through phishing emails designed to appear urgent or official. Common lures include:
- Fake court summons: “You are required to appear in court. See attached lawsuit.”
- Xerox scan notifications: “Please see the attached scanned document.”
- Payment confirmations: “Attached is proof of payment for your recent transaction.”
- Fake charity communications: One notable campaign impersonated a Canadian charity.
- Hospitality industry-targeted emails: Booking requests with malicious attachments.
These emails carry compressed files, like .RAR archives, with embedded JavaScript or VBScript payloads. Once executed, the malware installs silently and begins its assault.
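An added defensive example, not code from the article or from the researchers it cites: a small mail-triage check that flags the delivery pattern described above (a lure subject line plus an archive attachment carrying a JavaScript or VBScript file). It uses only the Python standard library, so it opens ZIP archives; RAR attachments are flagged by extension only, since reading them would need a third-party library. The sample message, subject text and `invoice.zip/invoice.js` name are constructed for the demonstration.

```python
# Added example: flag mails matching the archive-with-script delivery pattern.
# Assumption: stdlib only, so ZIP is inspected and RAR is flagged by name.
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

SCRIPT_EXT = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
LURES = ("court", "lawsuit", "scanned document", "proof of payment", "booking")

def inspect_attachment(name: str, data: bytes) -> list[str]:
    """Return reasons an attachment looks like the described loader."""
    reasons = []
    lname = name.lower()
    if lname.endswith(SCRIPT_EXT):
        reasons.append(f"script attachment: {name}")
    if lname.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():  # look for a script inside the archive
                    if member.lower().endswith(SCRIPT_EXT):
                        reasons.append(f"script inside archive: {name}/{member}")
        except zipfile.BadZipFile:
            reasons.append(f"unreadable zip: {name}")
    elif lname.endswith(".rar"):
        reasons.append(f"rar attachment (inspect in sandbox): {name}")
    return reasons

def analyze_eml(raw: bytes) -> list[str]:
    """Parse a raw RFC 822 message and collect findings on subject and attachments."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    subject = (msg["subject"] or "").lower()
    hits = [lure for lure in LURES if lure in subject]
    if hits:
        findings.append(f"lure keywords in subject: {hits}")
    for part in msg.iter_attachments():
        findings.extend(inspect_attachment(part.get_filename() or "", part.get_payload(decode=True)))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a 'proof of payment' lure with invoice.zip holding invoice.js."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// constructed placeholder, not a real payload\n")
    msg = EmailMessage()
    msg["Subject"] = "Attached is proof of payment for your recent transaction"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Running `analyze_eml(build_sample())` reports both the lure keyword and the script inside the archive; a plain text mail with no attachment yields an empty list.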
How the Stolen Data Is Extracted
To automatically send the stolen information back to the attackers, the malware employs several techniques:
- Simple Mail Transfer Protocol (SMTP) servers set up directly on the victim’s machine
- File-sharing services for uploading stolen screenshots and documents
- Encrypted Telegram channels that act as real-time exfiltration pipelines
This redundancy ensures attackers can still receive the data payload even if one exfiltration method is blocked.
A Legal and Ethical Gray Area
The sextortion malware framework used in this campaign is openly available on GitHub, where it’s labeled for “educational use only.” But as this campaign proves, such disclaimers offer little real-world protection when sophisticated cybercriminals adapt the code for malicious purposes.
Cyber security expert Morgan Carter noted: “Sextortion emails … are quite wicked, and the key reason they have more emotional impact than regular phishing emails is because … the tone of urgency and sense of danger.”
What You Can Do
- Never open email attachments unless you’re absolutely sure of the source.
- Avoid downloading compressed files like .RAR or .ZIP unless expected.
- Keep your antivirus and anti-malware tools updated.
- Cover your webcam when not in use.
- Use sandboxing tools to open suspicious files in isolated environments.
This campaign is a dangerous evolution. By merging data theft with psychological extortion, attackers aren’t just stealing information, they’re assaulting privacy and dignity, and weaponizing fear and shame as tools of exploitation. Staying vigilant is essential.
Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn
From Wired: “A new specimen of ‘infostealer’ malware offers a disturbing feature: It monitors a target’s browser for NSFW content, then takes simultaneous screenshots and webcam photos of the victim.”
Stealerium Malware’s Creepy New Trick Is To Snap Webcam Pics of Victims Watching Adult Content
From HotHardware: “We have reported several malware campaigns where hackers buy expensive malware programs from various sources across the web. Recently, a cybersecurity firm, Proofpoint, has revealed that hackers are now using a free, open-source malware dubbed Stealerium to launch sophisticated attacks that help them steal data and even snap photos of victims in the act of watching adult content.”
Threat Actors are Targeting US Tax-Session with new Tactics of Stealerium-infostealer
The author writes, “Each year, cybercriminals exploit the tax season as an opportunity to deploy various social engineering tactics to compromise sensitive personal and financial data. These adversaries craft highly deceptive campaigns designed to trick taxpayers into divulging confidential information, making fraudulent to counterfeit services, or inadvertently installing malicious payloads on their devices, thereby exposing them to identity theft and financial loss.”
Threat Actors are Targeting US Tax-Session with new Tactics of Stealerium-infostealer
The author writes, “Cybercriminals are exploiting the US tax season to deploy Stealerium malware, targeting citizens through sophisticated phishing campaigns.”