this post was submitted on 04 Sep 2025
57 points (100.0% liked)

Technology

40223 readers
368 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
57
Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn (www.wired.com)
submitted 4 days ago by along_the_road@beehaw.org to c/technology@beehaw.org
15 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] cmnybo@discuss.tchncs.de 44 points 4 days ago (1 children)

Don't leave cameras uncovered. Webcam covers are cheap. Tape works too.

[–] tal@lemmy.today 25 points 4 days ago (1 children)

I mean, true. But I kind of feel like once you've got malware on your system, there are an awful lot of unpleasant things that it could manage to do. Would rather focus more on earlier lines of defense.

Once it's installed, Stealerium is designed to steal a wide variety of data and send it to the hacker via services like Telegram, Discord, or the SMTP protocol in some variants of the spyware, all of which is relatively standard in infostealers. The researchers were more surprised to see the automated sextortion feature, which monitors browser URLs for a list of pornography-related terms such as “sex” and “porn," which can be customized by the hacker and trigger simultaneous image captures from the user's webcam and browser. Proofpoint notes that it hasn't identified any specific victims of that sextortion function, but suggests that the existence of the feature means it has likely been used.

The "try and sextort" thing might be novel, but if the malware is on the system, it's probably already swiping all the other data it can anyway.

It sounds like in this case, the aim is to try to get people to invoke executables by presenting them as ordinary data files:

In the hacking campaigns Proofpoint analyzed, cybercriminals attempted to trick users into downloading and installing Stealerium as an attachment or a web link, luring victims with typical bait like a fake payment or invoice. The emails targeted victims inside companies in the hospitality industry, as well as in education and finance, though Proofpoint notes that users outside of companies were also likely targeted but wouldn't be seen by its monitoring tools.

Like, I kind of feel that maybe a better fix is to distinguish, at a UI level, between "safe" opening and "unsafe" opening of something. Maybe "safe" opening opens content in a process running in a container without broader access to the host or something like that, and maybe it's the default. That's what mobile OSes do all the time. Web browsers don't

shouldn't

just do unsafe things on the host just because someone viewed something in a browser

they have a restricted environment.

In a world that worked like that, you need to actively go out of your way to run something off the Internet outside of a containerized environment.

[–] r00ty@kbin.life 10 points 4 days ago

Yes. But one less thing it can do.