Hackers are able to capture video of people using porn websites

It’s one of the oldest online scams around – ‘hackers’ claiming to have secretly filmed people through their webcams while they watch porn, and threatening to share the footage with their loved ones.

Most of the time these are just empty threats, in an attempt to get the victim to hand over money, but a new report reveals that the technology to do this does actually exist.

Security experts at Proofpoint claim to have found a piece of malicious software that allows hackers to capture video from their victims’ webcams without them knowing.

The software, known as ‘PsiXBot’, only works on computers running Microsoft Windows, and is often loaded on to a computer without the user knowing. 

PsiXBot has been around for several years but a new module has been added that allows hackers to capture video from a users camera. Stock photo

PsiXBot has been around for several years but a new module has been added that allows hackers to capture video from a users camera. Stock photo

PsiXBot has been around for several years but a new module has been added that allows hackers to capture video from a users camera. Stock photo

It can be installed through a less reputable website or by downloading a video, music file or software that is carrying it.

Once PsiXBot has been installed on the victim’s machine, it sits in the background waiting for the user to open a web page with a specific pornography-related keyword in the title. 

This then triggers the software to start filming the user through the computer’s camera. 

‘PsiXBot has been around for several years but a new module has been added that allows hackers to capture video,’ Proofpoint expert Werner Thalmeier told the German newspaper Bild.

‘Now the threat is real and the program has already been distributed thousands of times,’ he added. 

Once they have obtained the video, hackers will then threaten to send it to the victim’s family if they don’t hand over money – often in the form of untraceable Bitcoin.

They will threaten to send details of websites the user visited and everything they typed into their computer to a list of email addresses, social media accounts and other contacts stolen from the user, according to Proofpoint.  

The email will have a subject line along the lines of ‘can publish everything’, ‘dirty video of you’, ‘I recorded you’ and ‘pervert’. 

‘This software is a semi-professional tool and much more dangerous than, say, attacks with manipulated e-mails, because the hidden program on the computer can hardly be found with a virus scanner,’ says Mr Thalmeier 

Using the threat of sending video of a person watching an adult website is known as ‘sextortion’ and has been around a long time.  

Hackers are able to monitor what is typed into a computer, capture footage from the webcam and upload the information to an 'illegal server', say experts. Stock image

Hackers are able to monitor what is typed into a computer, capture footage from the webcam and upload the information to an 'illegal server', say experts. Stock image

Hackers are able to monitor what is typed into a computer, capture footage from the webcam and upload the information to an ‘illegal server’, say experts. Stock image

According to Paul Ducklin, computer security expert at Sophos, hackers claiming to have your details are often bluffing.

In almost all cases, this is a lie, said Mr Ducklin, who explained that extortionists will convince you they have hacked your computer and gained access to cameras by feeding you some private information about yourself. 

This could be passwords they have simply gathered from a data breach and leak.  

Proofpoint said that anyone who receives a sextortion email should carry out a full virus scan  – which could take hours depending on the size of their hard drive. 

HOW DO YOU PROTECT YOURSELF FROM SEXTORTION SCAMS? 

The UK national reporting centre for fraud and cyber crime have published a number of simple steps to avoid getting caught out by a sextortion scam. 

If you get a scam email you should report it to Action Fraud. Stock image

If you get a scam email you should report it to Action Fraud. Stock image

If you get a scam email you should report it to Action Fraud. Stock image

  • Don’t reply to the email, or be pressured into paying: it only highlights that you’re vulnerable and you could be targeted again. 
  • The police advise that you do not pay criminals. Try flagging the email as spam/junk if you receive it multiple times.
  • Perform password resets as soon as possible on any accounts where you’ve used the password mentioned in the email. 
  • Always use a strong, separate password for important accounts, such as your email. Where available, enable Two-Factor Authentication (2FA).
  • Always install the latest software & app updates. Install, or enable, anti-virus software on your laptops & computers and keep it updated.
  • If you have received one of these emails and paid the fine, report it to your local police force. 
  • If you have not paid, report the email as a phishing attempt to Action Fraud.

Source: Action Fraud

link

(Visited 6 times, 1 visits today)

Leave a Reply