Crooks are improving sextortion with the use of mobile malware

Pierluigi Paganini March 26, 2015

According to Trend Micro, crooks in Asia are taking the practice of sextortion to the next level, including the use of mobile malware to make huge profits.

Trend Micro released a new report to bring to light a criminal activity known as sextortion.

“Sextortion is a means of coercing cybercrime victims to perform sexual favors or to pay a hefty sum in exchange for the non-exposure of their explicit images, videos, or conversations. These extortion tools are normally obtained through various chat programs. Skype was used most though because of its text-, voice-, image-, and video-recording capability”

Unfortunately, sextortion is a common practice in cyberspace, but experts have highlighted recent innovations in this kind of illegal activity.



In a recent case observed in Asia, a crook posed as a woman, chatting with male victims on several chat services, like Kakao Talk, and setting them up for blackmail. The attacker improved the efficiency of the attack by convincing the victim to download and install mobile malware, an Android data stealer. In the end, the cyber criminal threatened the victim and demanded a payment of $908.02.

In this scheme, the Android data stealer is used to steal sensitive data from the victim’s mobile device, including the contact list, to reinforce the blackmail and make the sextortion more effective. It is also worth noting that the extortion process is evolving along with the development of the malware.

TrendMicro reported that:

“…certain gangs in East Asia have improved on the sextortion modus operandi, creating a far more damaging effect on the victims,” “The new modus operandi involves Android malware that can steal the victims’ contact list and send them to the attackers. Attackers are then able to contact the victims’ families and friends directly—making for a more intimidating threat.” continues TrendMicro. 

The Android data stealer allows attackers to be very aggressive against their victims by accessing their personal data, intercepting and logging incoming SMS messages, and preventing them from receiving calls.

“Our investigation revealed the use of four Android data stealer families for sextortion,” blogged Flores. “The malware were classified according to package name. Differences in code and functionality were seen from variant to variant, which suggests ongoing malware development.”

“The sextortion schemes we uncovered are complex operations that involve people across cultures and nations working together to effectively run a very lucrative business,”

The sextortion phenomenon is rapidly expanding all over the world. Even though Trend Micro’s report focuses on crimes that occurred in East Asia, there are many other cases of sextortion in Canada and the US.

“These once again prove that cybercriminals are not just becoming more technologically advanced— creating stealthier mobile data stealers, using complex stolen data drop zone infrastructures, and outsmarting banks to better evade detection—they are also improving their social engineering tactics, specifically targeting those who would be most vulnerable because of their culture.”

About the Author Elsio Pinto

Elsio Pinto is currently the Lead McAfee Security Engineer at Swiss Re, but he also has knowledge in the areas of malware research, forensics and ethical hacking. He has previous experience at major institutions, the European Parliament being one of them. He is a security enthusiast and tries his best to pass on his knowledge. He also owns his own blog

Edited by Pierluigi Paganini

(Security Affairs –  sextortion,   TrendMicro)
