Sextortion via Malware [ Technical - Theoretical ] Analysis
Sextortion is a form of extortion where someone threatens to share sexual content (like nudes, sexual videos, or other intimate material) of a person unless the victim complies with certain demands. These demands can be:
- Providing more sexual content
- Sending money
- Doing favors
- Other forms of coercion
So, in short: sextortion = threatening to share someone's sexual content in order to force them into something sexual or financial.
The game has changed. We have seen numerous examples of malicious Android applications that threat actors use for webcam phishing, weaponizing the app to exfiltrate data through a Telegram bot. This method is still common in many countries across Asia, the Middle East, and Europe. What is particularly interesting is that threat actors and black markets are now offering commercial malware with premium features that include sextortion modules. Stealerium is a well-known infostealer that exfiltrates data in multiple ways, particularly through Discord. Recently, new modules have been added specifically for sextortion. With this functionality, when a user visits a pornographic website, a screenshot is taken and sent back to the threat actor.
As shown in the screenshot below, when a user visits a pornographic website or accesses adult content, a screenshot is captured. Most stealers or common web- or software-based remote access trojans (RATs) also have the capability to access cameras, making it easier for threat actors to intimidate or blackmail victims. You can see the porn-detection modules illustrated below:
As you can see from the screenshot below, when a user searches for adult content, the system begins capturing and filtering it:
You can find more details on IoCs here: https://www.proofpoint.com/us/blog/threat-insight/not-safe-work-tracking-and-investigating-stealerium-and-phantom-infostealers
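For defenders, the Telegram bot and Discord exfiltration channels described above can be hunted in endpoint network telemetry. The following is an added example, not code from this post or from the malware: it flags processes outside an expected-client allowlist that reach a Discord webhook or the Telegram Bot API. The event field names, the allowlist, the upload-size threshold and the sample events are all assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Assumed allowlist of processes expected to reach these services; tune per fleet.
EXPECTED = {"discord.exe", "telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
DISCORD_WEBHOOK = re.compile(r"^/api/(?:v\d+/)?webhooks/\d+/")
TELEGRAM_BOT = re.compile(r"^/bot[^/]+/\w+")
UPLOAD_BYTES = 100_000  # assumed size above which a POST could carry a screenshot

# Constructed sample telemetry (one JSON event per line; tokens are placeholders).
SAMPLE_EVENTS = """
{"host":"WS-01","process":"updater_helper.exe","method":"POST","url":"https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER","bytes_out":412000}
{"host":"WS-01","process":"Discord.exe","method":"GET","url":"https://discord.com/api/v9/users/@me","bytes_out":310}
{"host":"WS-02","process":"svc_host32.exe","method":"POST","url":"https://api.telegram.org/botPLACEHOLDER/sendPhoto","bytes_out":380000}
{"host":"WS-03","process":"chrome.exe","method":"POST","url":"https://discord.com/api/v10/webhooks/000000000000000000/PLACEHOLDER","bytes_out":900}
not-json line from a truncated log
"""

def classify(url):
    """Map a URL to the exfiltration channel it matches, or None."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return None
    if host in {"discord.com", "discordapp.com"} and DISCORD_WEBHOOK.match(parts.path):
        return "discord-webhook"
    if host == "api.telegram.org" and TELEGRAM_BOT.match(parts.path):
        return "telegram-bot-api"
    return None

def hunt(lines):
    """Return events where an unexpected process talks to a webhook or bot endpoint."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the hunt
        channel = classify(ev.get("url", ""))
        if channel is None or ev.get("process", "").lower() in EXPECTED:
            continue
        findings.append({"host": ev.get("host"), "process": ev.get("process"),
                         "channel": channel,
                         "large_upload": ev.get("bytes_out", 0) >= UPLOAD_BYTES})
    return findings

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Allowlisted browsers posting to a webhook are skipped here to keep noise down; review those separately if your fleet has no legitimate reason to do so.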