Beware of growing “sextortion” scams



Malicious activity has always flourished during difficult times. The pandemic is therefore no exception, as Avast blocked more than half a million attempted “sextortion” attacks in January 2021 alone. Their strategy is still the same: The crooks send emails to users, claiming to have recorded them during intimate moments and threatening to share the video publicly unless the victim pays a ransom. If these messages are often disturbing, the targeted person should simply ignore them, as they are most likely false statements. Most of these attacks targeted English-speaking users in the UK and US, but researchers at Avast’s Threat Labs also blocked campaigns in France, written in French. Two modes of operation coexist in this booming campaign. The most widespread is taking advantage of the increased use of video conferencing services for personal communication since the start of the Covid-19 pandemic. The hacker claims to have accessed a user’s device and camera, exploiting critical vulnerabilities in video conferencing applications, such as Zoom. In reality, this claim is a lie because Avast did not find any vulnerabilities in this software. The email also mentions that the attacker recorded a sexual act and gained access to sensitive information, which could result in “terrible damage to reputation” unless a payment of $ 2,000 in Bitcoin is made. (approximately € 1,660). The second most common mode of operation involves an email indicating that a Trojan horse was installed on the recipient’s machine a few months ago. This compromise then made it possible to record all of the victim’s actions with the microphone and webcam, and to exfiltrate all data from the devices, including chats, social networks and contacts. The attackers again demand a ransom in cryptocurrency, pressuring the victim with a fake timer to pay quickly. While these attacks are increasing dramatically, it is essential to make users aware that these threats are all unfounded: there are no undetectable Trojans, nothing is logged, and attackers do not have their data. Some of these scam attempts are easy to spot, however, as the content appears to have been translated automatically (with Google Translate for example), resulting in a headless email like the one below.