
Security Experts Discover Malware That Records Users' Screens When They Watch Porn

Security researchers at antivirus developer ESET have recently revealed a new type of spam-delivered malware that threatens to steal unsuspecting users' passwords and financial information, and to record their screens if they watch pornography.

The malware is known as Varenyky, and it is dangerous. It has been designed to target customers of French ISP Orange SA, but the security researchers have also indicated that there is nothing stopping someone from using the same type of malware on other ISPs or in other areas. It is delivered via an official-looking email that appears to be a phone bill.

Screenshot of email distributing Varenyky downloader

Victims believe that the document is protected and secured by Microsoft, when in reality they are activating the malware and giving it permission to run macros in Word. According to a post on ESET's website:

Overall, the email text content, the document’s filename and the “protected” content of the document emphasize to the recipients that they are dealing with a real bill and that they should open it. The quality of the French is very good; overall, the document is convincing.

Malicious document

Once activated, the macro contained in the fake bill executes processes that allow the malware to download the additional files it needs to gather passwords, propagate to other systems, and record the victim's screen.


The English version of the email that victims would presumably receive after their screens were recorded was posted earlier this year by ESET:

Credit: ESET

So the question arises: how dangerous is this? The sextortion scam aspect of the malware doesn't appear to be a major threat.

ESET security expert Bruce P. Burrell said it's likely the so-called hacker is using a "sextortion scam kit" they purchased on the dark web. To date, it doesn't appear as though anyone has been extorted by Varenyky in this way.

But anyone who has downloaded the fake bill and mistakenly given it permission to run macros is at high risk of having their passwords and financial information stolen and of spreading the malware to people on their contact lists.

While Varenyky does not appear to be a global threat yet, and so far there have been no documented instances of it successfully extorting anyone, the simplicity of its attack vector is noteworthy. And, according to ESET, the malware's developers are tenacious.

Many functions have been added and then quickly removed across many different versions in a short period of time (two months). This shows that the operators are actively working on their botnet and are inclined to experiment with new features that could bring a better monetization of their work.

In the meantime, the security experts have advised that the best way to defend against this malware is to keep your OS and antivirus software up to date, and to avoid opening email attachments or downloading files unless you're 100 percent sure they are not dangerous.
