Cyber experts have discovered a new type of sex spying: Stealerium automatically takes photos from users' webcams when they watch porn

Sextortion, which involves hijacking a webcam or blackmailing with intimate photos, has always been one of the most heinous cybercrimes. Now, a piece of spyware available on GitHub has turned this relatively manual crime into an automated feature: it detects when a user is viewing pornography on their computer, takes a screenshot, captures a candid photo of the victim through their webcam, and sends the images to the attacker.

Researchers from Proofpoint have published an analysis of a new malware called Stealerium. It is an open-source so-called infostealer that, according to experts, has been actively used in cybercrime since May of this year, writes Ars Technica.

This malware, like all infostealers, is designed to infect a victim's computer and automatically transmit large amounts of stolen confidential data to hackers, including banking information, usernames, passwords, and crypto wallet keys.

However, Stealerium adds another, more humiliating type of spying: it also tracks the victim's browser for web addresses that contain certain NSFW keywords, takes screenshots of tabs containing those words, takes pictures of the victim through their webcam while they browse those pornographic pages, and sends all the images to the hacker, who can then blackmail the victim by threatening to make them public.

Proofpoint began studying Stealerium after discovering the malware in tens of thousands of emails sent by two different hacking groups it monitors (both relatively small cybercrime operations), as well as in a number of other email-based hacking campaigns.

Oddly enough, Stealerium is distributed as a free, open-source tool available on GitHub. The malware developer, who goes by the handle witchfindertr and describes himself as a “malware analyst” from London, notes on the page that the program is intended “for educational purposes only.”

“You are solely responsible for how you use this program,” the page states. “I will not be responsible for any illegal activity. And I don’t really care how you use it.”

In the hacking campaigns that Proofpoint analyzed, attackers attempted to trick users into downloading and installing Stealerium via attachments or links. Victims were lured in with typical bait, such as a fake payment or invoice. These emails targeted employees in the hospitality, education, and finance industries, although Proofpoint notes that users outside of these industries were likely also targeted but were not captured by monitoring tools.

Once installed, Stealerium steals various data and sends it to the hacker via services such as Telegram, Discord, or, in some spyware variants, via the SMTP protocol. This is a relatively standard practice for infostealers.
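For defenders, the exfiltration channels named above suggest a simple hunt: flag processes that are not browsers, official clients, or mail clients when they reach the Telegram Bot API, a Discord webhook, or an outbound SMTP port. The sketch below is an added example, not code from Proofpoint or the article; the log format, process names, allowlists, and the endpoint hostnames and paths are assumptions to adapt to your own telemetry.

```python
# Constructed sample events in an assumed "process|host|port|path" export
# (paths are only visible with TLS inspection or endpoint telemetry).
SAMPLE_EVENTS = """\
chrome.exe|api.telegram.org|443|/
Telegram.exe|api.telegram.org|443|/
invoice_viewer.exe|api.telegram.org|443|/bot<token>/sendDocument
invoice_viewer.exe|discord.com|443|/api/webhooks/<id>/<token>
Discord.exe|discord.com|443|/api/v9/gateway
updater.exe|mail.example.net|587|
OUTLOOK.EXE|mail.example.net|587|
svchost.exe|example.org|443|/index.html
"""

# Processes expected to use each channel (assumed allowlists; tune per estate).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
EXPECTED = {
    "telegram": BROWSERS | {"telegram.exe"},
    "discord": BROWSERS | {"discord.exe"},
    "smtp": {"outlook.exe", "thunderbird.exe"},
}
SMTP_PORTS = {25, 465, 587}


def channel(host, port, path):
    """Map a connection to one of the exfiltration channels, or None."""
    host = host.lower().rstrip(".")
    if host == "api.telegram.org":
        return "telegram"
    if host in ("discord.com", "discordapp.com") and path.startswith("/api/webhooks"):
        return "discord"
    if port in SMTP_PORTS:
        return "smtp"
    return None


def hunt(log_text):
    """Return (process, channel, host) for each unexpected process/channel pair."""
    findings = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed rows
        proc, host, port, path = parts[0], parts[1], int(parts[2]), parts[3]
        ch = channel(host, port, path)
        if ch and proc.lower() not in EXPECTED[ch]:
            findings.append((proc, ch, host))
    return findings
```

Hits are leads for triage rather than verdicts, since legitimate automation also posts to these services.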

What surprised the researchers more was the automated sextortion feature, which monitors a user’s browser for URLs containing a specific list of keywords (such as “sex” and “porn”). This list can be customized by the hacker. Detecting these words triggers simultaneous capture of images from the user’s webcam and browser. Proofpoint notes that no specific victims have been identified for this sextortion feature, but suggests that its presence indicates likely use.

But real, automated webcam shots of users watching porn are “virtually unheard of,” says Proofpoint researcher Kyle Cucci. The only known example of such a thing, he says, was a 2019 hacking campaign discovered by Slovak cybersecurity firm ESET.

Proofpoint's Larson said the shift to targeting individual users with automated sextortion features could be part of a broader trend. Some cybercriminals, especially lower-level groups, are moving away from the large-scale ransomware campaigns and botnets that attract law enforcement attention.

“For hackers, it’s not a multi-million dollar company hack that’s going to make a big splash,” Larson explains, comparing sextortion to ransomware attacks that cost millions. “They’re trying to cash in on people one at a time. And maybe on those who are too embarrassed to report such a crime.”
