A newly identified malware variant, known as Stealerium, represents a significant escalation in cyberspace threats. Unlike typical infostealer programs that primarily target sensitive personal data, Stealerium has introduced an alarming feature that automates sextortion. This malware monitors a victim’s web browsing activity, specifically for NSFW content, simultaneously capturing screenshots and webcam images of the user during their viewing, all for the purpose of potential blackmail.
Researchers at security firm Proofpoint unveiled their analysis of Stealerium, which has been utilized in multiple cybercriminal activities since May. The software can steal various private information such as banking credentials, login details, and cryptocurrency wallet keys. However, the added capability to capture compromising images significantly increases the stakes for anyone inadvertently infected.
Selena Larson, one of the Proofpoint analysts, emphasized the seriousness of this capability, stating, "This adds another layer of privacy invasion and sensitive information that you definitely wouldn’t want in the hands of a particular hacker." This sentiment is echoed by the broader cybersecurity community, noting that such explicit invasions of privacy can leave victims feeling vulnerable and exploited.
Stealerium is strangely available as open-source software on platforms like GitHub, advertised for "educational purposes." However, the developer, operating under the pseudonym witchfindertr, has made it clear that they bear no responsibility for illicit uses of the program.
In their investigations, Proofpoint found Stealerium embedded in various phishing emails intended to deceive recipients into downloading the malware. These emails were sent primarily to individuals in hospitality, education, and finance sectors, though it is likely that non-profits and individuals outside of organizations were also temporary targets.
Once installed, Stealerium can not only pilfer a range of data but also send predetermined screenshots and webcam images to the hacker via messaging services such as Telegram or Discord. This tactic of automated sextortion marks a departure from older methods where human hackers would manufacture threats against victims, showcasing a troubling trend towards more invasive and efficient cybercrime.
The rise of Stealerium aligns with a potential shift within the cybercrime landscape. As some cybercriminals pivot from large-scale ransomware attacks to more personal sextortion schemes, it reflects a focus on exploiting individual vulnerabilities rather than targeting high-value enterprises. As Larson pointedly remarks, these hackers may prefer targeting individuals who might be ashamed to report such blackmail, thus facilitating a more robust and insulated criminal ecosystem.
As this situation evolves, it’s crucial for potential victims to remain vigilant about their online behavior and security practices.
