A recently discovered email scheme reportedly deployed by a hacking group called ChaosCC claims to have hijacked recipients’ computers and recorded videos of them while watching adult content. As reported by Bleeping Computer, this sextortion scheme attempts to trick recipients into paying US$700 in bitcoin.
The sextortion scheme involves an email sent to a potential victim by someone claiming to be from the ChaosCC hacker group (not to be confused with the Chaos Computer Club white-hat hacker group).
As with previous scams with a similar modus operandi, the email starts by informing the recipient that their account has been compromised by the email sender. The email tries to further scare the recipient by referring to their “intimate adventures” on the internet.
The email continues to instill fear on the recipient by saying that as they browse adult websites, their device’s camera turns on automatically and takes a video of them and the content they’re watching. The email claims that the recorded video clip is automatically saved on the hacker group’s server. It then warns that if the recipient fails to send US$700 to the sender’s bitcoin wallet, the video will be sent to the recipient’s contacts.
The email ends with a piece of mocking advice: The recipient is told to cover their device’s camera with a sticker when visiting adult websites.
In line with Trend Micro’s predictions for the year and as noted in Trend Micro’s 2019 midyear security roundup, there has been a surge in cases of sextortion deployed via email. Trend Micro’s detections of sextortion-related spam emails increased by 318% from the second half of 2018 (2,188,415) to the first half of 2019 (9,160,856).
Just last April, two of Trend Micro’s researchers, Loseway Lu and Marshall Chen, discovered a sextortion scheme that demanded bitcoin payments from targeted Italian-speaking users. Based on the IP lookups of the spam emails’ senders, the emails in this scheme appear to have been sent using the Gamut spam botnet.
Figure 1. A sample sextortion email that targets Italian-speaking users (left) and its partial English translation (right)
Operators of sextortion schemes use fear to intimidate victims into giving in to their demands. To avoid falling for sextortion schemes, users should adopt the following best practices:
Organizations, for their part, can consider adopting the Trend Micro™ Cloud App Security™ solution, which can help detect and block even the most convincing phishing attempts. It uses machine learning to perform sender, content, and URL reputation analysis. In addition, it detects suspicious content in the message body and attachments, and provides sandbox malware analysis and document exploit detection.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.