New scam uses porn and ransomware sites to steal user data | Security

A new sextortion scam is circulating that infects victims' computers with a Trojan that steals information and with ransomware that encrypts the data. In the schemes that became known as sextortion, the criminal sends an email stating that he hacked the machine and recorded videos of the user while they were accessing pornographic sites.

Blackmail follows: the victim must send money in Bitcoin or the supposed content will be shared with their contact list. However, the campaign detected by the cybersecurity company Proofpoint shows that, instead of demanding payment for the alleged improper content, the scammer asks the victim to download a file in ZIP format. Without knowing it, the user installs the Trojan on the PC and loses the machine's data.

Sextortion scam blackmails victims by claiming to have sexual content of the user. Photo: Reprodução / Pond5

To increase credibility, sextortion messages also often include real people's passwords, which were already available on the web due to old data leaks. It is worth stressing that the email the user receives is a fraud: there is no hacker attack or any video.

The new campaign, however, leads to a malware download instead of asking for a payment in Bitcoin. The text calls the user a pervert, claims to be able to prove that the sender has images of the user's "pleasures", and asks them to download a file.

Sample sextortion e-mail. Photo: Reprodução / Bleeping Computer

This ZIP file contains an executable that installs AZORult, malware used to steal personal information such as account logins, cookies and conversation histories, among others. Then ransomware called GandCrab is also installed and encrypts the computer's files, leaving the victim without access.

It is important to keep an eye out for scams like this. Never trust anything sent by strangers via email. When you receive a suspicious message, do a search to see if other people have received something similar as well. Often it turns out to be a known criminal attempt, in which case just ignore and delete the email.