Slovakia-based IT security company ESET has warned French users about a new virus, dubbed Varenyky that allegedly records their device screens when it detects key words used to search for porn (i.e. XXX, pornhub, sex).
When these words appear, the malware could record the screen using an FFmpeg executable and then upload the video to the command-and-control (C&C) server using a downloaded Tor client.
As soon as the Spambot Trojan, which was first detected in May in France, makes its way onto people's computers, it can get access to their passwords and emails, and potentially send the X-rated snaps to a victim's family or friends - or even use them for blackmail.
A spike in ESET’s telemetry led our researchers to discover #Varenyky, a #spambot able to spy on victims’ screens while they watch sexual content, enabling very real #sextortion campaigns. @welivesecurity @ESETresearch https://t.co/W8WQ79oazg pic.twitter.com/gU0S4g8WCO
— ESET (@ESET) August 8, 2019
The malware, which is still being developed by unknown hackers, also sends spam emails pretending to be invoices or bills, and once people open an attachment, it is able to extract usernames and passwords.
"Researchers observed a spike in ESET telemetry data regarding malware targeting France. After further investigations, we identified malware that distributes various types of spam. One of them is leading to a survey that redirects to a dodgy smartphone promotion while the other is a sextortion campaign. The spam targets the users of Orange SA, a French ISP. We notified them before the release of this publication", ESET said in a report.
Even though the Varenyky malware is able to spy on victims' screens, at this point ESET is not aware of any kind of sextortion activity.