Skip to main content

“I have full control of your device”: Sextortion scam rears its ugly head in time for 2021

Malwarebytes recently received a report about a fresh spate of Bitcoin sextortion scam campaigns doing the rounds.

Bitcoin sextortion scams tend to email you to say they've videoed you on your webcam performing sexual acts in private, and ask you to pay them amount in Bitcoin to keep the video (which doesn't exist) private. This type of blackmail has become quite popular since the middle of 2018.

Sextortion scammers frequently use spoofed or made up email addresses to contact their targets. Previous campaigns have targeted those with compromised account passwords scraped from third-party breaches, minors, and other vulnerable groups. In this case, our experts believe that these emails have been targeting .org email addresses, and senior leadership almost exclusively.

From: {spoofed sender name}

Subject: I have full control of your device

Message body:

Hi

Did you notice that I sent you an email from your address? Yes, that means I have full control of your device. I am aware you watch adults [sic] content with underage teens frequently. My spyware recorded a video of you masturbating. I also got access to your address book. I am happy to share these interesting videos with your address list and social media contacts. To prevent this from happening, you need to send me 1000 (USD) in bitcoins.

Bitcoin wallet part 1: 1C1FfgyNsJGJZfuR2ePXxTraa

Bitcoin wallet part 2: CqE6WLWSM

Combine part 1 and part 2 with no space between them to get the full bitcoin wallet.

Quick tip! You can procure bitcoins from Paxful. Use Google to find it.Once I receive the compensation (Yes, consider it a compensation), I will immediately delete the videos, and you will never hear from me again. You have three days to send the amount. I will receive a notification once this email is opened, and the countdown will begin.

What we may perceive as a-dime-a-dozen, cookie-cutter blackmail email may be something new to someone, especially those who aren't aware of such a charade. Make no mistake: Email scams that contain little to no threats towards recipients have worked repeatedly like a charm.

This is why it's important to keep up with what's happening in cybersecurity, how online threats affect aspects of our lives, and how we can better protect ourselves, our data, and the people around us from those who scare, threaten, and bluff their way into our wallets. Treat all emails like this with a healthy amount of skepticism and you should be able to really see the email as it truly is: a fake.

[JD quote here]

Malwarebytes has extensively written about Bitcoin sextortion scams through the years. And what we advised then is still relevant to these new sextortion scams.

Change your passwords—or, better yet, consider using a password manager to help you create and store more complicated passwords for you.

Always use multi-factor authentication (MFA) to add an extra step of security. Most companies with an online presence have this, so make full use of it.

Do not pay the scammer.

If you received a sextortion email at work, let your IT department know. If you're in the United States, feel free to report this to the FBI's IC3.

Our Director of Mac and Mobile, Thomas Reed, had drafted a post aimed at Mac users who have received such scammy emails but need guidance on what these are what they need to do.

Stay safe, as always, and remain vigilant.

Bitcoin addresses related to this scam (as of this writing):

  • 1Nd3JST1daeyzmPovkRoemjysA6JfXjVRg
  • 17qBCU7Y5yrS9eimxvydRYw3XNF9meuSCY
  • 1C1FfgyNsJGJZfuR2ePXxTraaCqE6WLWSM

The post "I have full control of your device": Sextortion scam rears its ugly head in time for 2021 appeared first on Malwarebytes Labs.



from Malwarebytes Labs full article here

Popular posts from this blog

Mobile Security Framework (MobSF) - An All-In-One Mobile Application Security Assessment Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. Screenshots: Static Analysis - Android Static Analysis - iOS Dynamic Analysis - Android APK Web API Viewer Requirements: Mac: Install Git Install Python 3.6 - 3.7 (3.8 is not supported) macOS Catalina users must uninstall existing python3 and install the one from Python.org . After installation, go to /Applications/Python 3.7/ and run Install Certificates.command and Update Shell Profile.command Install JDK 8+ ...
Read more

BlackArch Linux - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. It contains over 1800 security and hacking tools. Here is the complete list of tools in the BlackArch Linux: 0d1n : Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. 0trace :  A hop enumeration tool. 3proxy : Tiny free proxy server. 3proxy-win32 : Tiny free proxy server. 42zip : Recursive Zip archive bomb. a2sv : Auto Scanning to SSL Vulnerability. abcd : ActionScript ByteCode Disassembler. acccheck : A password dictionary attack tool that targets windows authentication via the SMB protocol. ace : Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface ad-ldap-enum : A LDAP based Active Directory user and grou...
Read more

How a VPN can protect your online privacy

Have you ever experienced the feeling of relief that comes when you do something silly, but you're glad you did it where people don't know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network ( VPN ) can do for you: it can put you in a place where you are unknown. To determine if and when you need a VPN, you must define what your goal is. If your main goal is to improve your privacy online, then a VPN is one of the possible solutions. Privacy is a right that is yours to value and defend. If you don't fall into the categories of people who say "I have nothing to hide" or "they already know everything about me" then you may care enough about your privacy to use a VPN. For the latest Malwarebytes Labs reader survey we asked "Do you use a VPN?" 2,330 responded and an impressive 36 percent said they now used a VPN. For perspective, ten years ago, only 1.5 percent of Americans used VPNs. So...
Read more