Zark Muckerberg covers his webcam for a reason.
Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn
Submitted 3 days ago by along_the_road@beehaw.org to technology@beehaw.org
https://www.wired.com/story/stealerium-infostealer-porn-sextortion/
Comments
psx_crab@lemmy.zip 3 days ago
dumbass@leminal.space 3 days ago
That photo is why I’ve covered my cameras, if that creepy spying fuck does it, there must be a reason.
FaceDeer@fedia.io 3 days ago
This is where having unusual fetishes pays off, so the software has no idea you're watching something "pornographic."
LaggyKar@programming.dev 3 days ago
The same thing spam e-mails have claimed to have done for ages.
Perspectivist@feddit.uk 2 days ago
So how does this work exactly?
“Pay up or we tell everyone that you watch porn”
scrubbles@poptalk.scrubbles.tech 2 days ago
Exactly that
knokelmaat@beehaw.org 2 days ago
There is a difference between telling and putting videos on the internet of you masturbating.
ready_for_qa@programming.dev 2 days ago
That only works if you masturbate while watching porn.
Deyis@beehaw.org 2 days ago
Blackmail can be very lucrative.
HubertManne@piefed.social 2 days ago
OMG! This is my kink. Where can I get this?! Oh no. Oh no. Don't put that video of me out on the internet for all to see. For all to see me doing those dirty dirty things. The shame. The humiliation. Please please. I'll do anything. ANYTHING!
fwygon@beehaw.org 2 days ago
I’d say they’re getting desperate to extort the few victims they manage to infect with this crap if they’re adding an extortion/blackmail component to this that isn’t your bog standard “oh files are now encrypted” malware.
Since ransomware is pretty much known to be common enough, it’s clear that people are backing up data on a regular enough basis to be resistant to it, especially if the criminal is demanding far more money than any data they managed to take hostage is worth to the person. Since cloud services are ubiquitous now, it’s likely they already have critical documents and photos backed up safely and the ransomware fails if all the user does is find someone techy to just nuke the whole system and reinstall everything from their cloud backup.
Using browser activity and webcam spying might seem clever but it’s just a reaching maneuver to extort people who would ordinarily just shrug off a ransomware infection but who still have poor enough opsec online to be affected greatly by such blackmail.
cmnybo@discuss.tchncs.de 3 days ago
Don’t leave cameras uncovered. Webcam covers are cheap. Tape works too.
tal@lemmy.today 3 days ago
I mean, true. But I kind of feel like once you’ve got malware on your system, there are an awful lot of unpleasant things that it could manage to do. Would rather focus more on earlier lines of defense.
The “try and sextort” thing might be novel, but if the malware is on the system, it’s probably already swiping all the other data it can anyway.
It sounds like in this case, the aim is to try to get people to invoke executables by presenting them as ordinary data files:
Like, I kind of feel that maybe a better fix is to distinguish, at a UI level, between “safe” opening and “unsafe” opening of something. Maybe “safe” opening opens content in a process running in a container without broader access to the host or something like that, and maybe it’s the default. That’s what mobile OSes do all the time. Web browsers don’t — shouldn’t — just do unsafe things on the host just because someone viewed something in a browser — they have a restricted environment.
In a world that worked like that, you need to actively go out of your way to run something off the Internet outside of a containerized environment.