Malware secretly photographs users consuming porn

The freely available malware Stealerium recognizes porn consumption and secretly makes webcam recordings. Cyber criminals use the photos for blackmail.


The open-source malware Stealerium was published on the Internet supposedly for educational purposes.


A freely available malware called Stealerium poses a particularly unpleasant threat to victims. After an infection, the malware can detect when the user accesses pornographic sites in the browser. When it does, the software secretly creates screenshots and webcam recordings and sends them out over the Internet. This allows cybercriminals to obtain recordings that they can later use to blackmail their victims.

Scam emails claiming that criminals have obtained photos of the user masturbating in front of the computer have been circulating for years. The aim was to blackmail the victims into paying money. However, this was just a bluff.

The danger posed by Stealerium is real, according to security researchers from Proofpoint, who have examined the malware, which is freely available on GitHub. The software, written in the C# programming language, is initially distributed in the traditional way: victims receive an email with an attachment that they are supposed to open. Opening it installs the malware instead of showing the expected order form or spreadsheet.

Stealerium has various functions for searching the victim's device for usable information. These include a keylogger that records keystrokes, the reading of bank and cryptocurrency data, and the harvesting of passwords, clipboard contents, and browser databases. Hidden among these many functions is the webcam function for so-called sextortion (blackmail in which perpetrators threaten to publish nude photos of the victim). The malware is capable of overriding and bypassing various computer protection mechanisms.


Stealerium sends the data it finds via email, Discord, Telegram, or other services. An increased number of Stealerium-based attacks have been recorded since May 2025. The anonymous author of the malware has allegedly posted it online for "educational purposes".

The usual behavioral tips apply to protect against Stealerium: Executable files should ideally be blocked. Particular care should be taken with attachments with the file extensions .js, .vbs, .iso and .img. Users should also be made aware that suspicious emails with payment requests, court summonses, and donation requests are to be treated with particular caution and, if in doubt, not opened.
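
An added example, not part of the original article: a minimal mail-gateway style check in Python that flags attachments with the four extensions named above. The function names and the sample message are constructed for illustration, and only the listed extensions are covered, not every executable file type.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions named in the article's advice (compared case-insensitively).
RISKY_EXTENSIONS = {".js", ".vbs", ".iso", ".img"}


def risky_attachments(raw: bytes) -> list[str]:
    """Return filenames of MIME parts whose final extension is on the list."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 / RFC 2047 encoded names
        if not name:
            continue
        # Trailing dots and spaces are ignored by Windows when a file is
        # opened, so strip them before looking at the extension.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last suffix decides how the file is handled, so a
        # double extension such as "invoice.pdf.js" counts as a script.
        if PurePosixPath(cleaned).suffix in RISKY_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample message: one benign and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Payment request"
    msg.set_content("Please see the attached order form.")
    for filename in ("order.pdf", "Order_Form.PDF.JS", "scan.img"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in risky_attachments(build_sample()):
        print("quarantine:", name)
```

A filename check like this is a first filter only; it does not inspect file contents or archives.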

(mki)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.