Maybe your private time is not actually private at all. No, it is not about what activist Edward Snowden revealed a few years ago, but it is about a malware that specifically targeted users of a French telecom giant that is capable of stealing unsuspecting users' passwords and financial information, as well as record their screens if they watch pornography.
Researchers at an IT security company, ESET discovered this new form of spam-delivered malware, which they coined Varenyky, in May 2019. This malware can identify when someone was likely viewing porn and record their screen.
This malware is designed to target customers of French ISP Orange SA and filters out non-French users based on the location of someone's computer.
As per the researchers, the threat actors send this malware in the form of an email with a fake Microsoft Word attachment under a €491.27 phone bill. If someone opens the malware attached document, it infects the user's computer.
According to a post on ESET website, "Overall, the email text content, the document's filename and the "protected" content of the document emphasize to the recipients that they are dealing with a real bill and that they should open it. The quality of the French is very good; overall, the document is convincing."
Once activated after a click on the document, the malware then can download the additional files it needs to gather passwords, propagate to other systems and record screen activities of a user.
But now the question is, how much threat will this malware pose? Researchers noted that even though malware can record someone's screen while they are watching porn, there is no evidence of initiating any other threat or exploiting these recordings beyond collecting them. So the extortion aspect doesn't look like a major threat in this case.
Bruce P. Burrell, ESET security expert said that it is likely that the hackers are using a sextortion scam tool they purchased on the dark web but as of now, it doesn't appear as though anyone's been extorted by Varenyky in this method.
He added that if someone downloads the fake phone bill and mistakenly given it permission to run macros, that user will come under a heavy risk of having passwords and financial information stolen and spreading the malware to others, who are in the contact list.
However, the researchers mentioned that Varenyky doesn't appear to be a global threat yet. But, since precaution is better than cure, it is always better to keep the OS and antivirus software up to date and avoid opening malicious attachments.
