Experts from Eset have discovered a trojan capable of activating only when we look at a porn site and recording what the screen shows
Sexual scams and blackmails are full of the web. One of the most common, and effective, is via email and involves an alleged sex video that stars (unintentionally) the recipient of the same email message. To prevent the video from being uploaded online and spread among friends and acquaintances, the victim must pay a ransom in Bitcoin worth a few thousand euros. A good scam that could soon turn into an all-too-real nightmare.
Security researchers at Eset have discovered Varenyky, a Trojan with a rather bizarre behavior. After infecting the computer, the malware remains in "silent listening" until the owner visits a particular category of websites. At that point, it takes control of the PC, records all the data it needs and starts blackmailing you.
A devious scheme, which fortunately can be easily "contained" and defeated. You just need to understand how the trojan works and avoid being infected.
How Varenyky works, the red light virus that blackmails you
We have already mentioned that Varenyky is a trojan, that is, a type of virus that allows a third party - the hacker or the cybertruffinator - to have access to the device's resources whenever he wants. The malware discovered by the experts of the Eastern European software house, in particular, is able to work in full autonomy, and to activate itself only when it is really necessary.
That is, when the owner will visit a porn site with his device. At that point, Varenyky will activate the screen recording with FFmpeg (a free software downloaded to the PC directly by the malware) and send the created files to a server controlled by the same criminal organization. At that point, with the "scandal" footage in their possession, the hackers could contact the victim and demand blackmail. The conditional has been used by Eset itself, as no extortion demands have been reported so far.
How your PC is infected and how to defend yourself against the blackmail porn virus
For the scheme to succeed, Varenyky needs to be installed directly by the PC owner. In order to push him to do so, the "usual" phishing scheme is implemented based on a hypothetical invoice or bill to be paid. The attachment is a normal Word file, but with macros activated: when you open the document to check its content, it will activate the malicious code that will download and install the malware.
To prevent this from happening, you just need to use some common sense when browsing and downloading emails. When you receive e-mail messages from strangers containing suspicious attachments, do not think twice: avoid downloading files and, for extra security, delete the message as well.