I put black tape over my cell phone cameras, laptop, and desktop display. Have been for 20 years. Your face is constantly being scanned and photographed. Especially your eyes.
Turning off webcams is an illusion. Like cell phones, they are always watching, listening, tracking. Always. My cellphone stays in a drawer on the other side of the house.
DB
-------------
A new form of "infostealer" malware can automatically detect when you open porn on your browser, screenshot what you're looking at, take a photo of you through your webcam, and send it all to a hacker, Wired reports.
It's a horrifying evolution in sextortion schemes, the criminal act of coercing someone by threatening to release private and sexual images. And it can make the nightmarish threats of those mass "Hello pervert" phishing emails a reality; it may no longer be just a bluff when a hacker demands money, saying they have sexually humiliating dirt on you they could release.
"When it comes to infostealers, they typically are looking for whatever they can grab," Selena Larson, a researcher at the cybersecurity firm Proofpoint which conducted an analysis of the virus, told Wired. "This adds another layer of privacy invasion and sensitive information that you definitely wouldn't want in the hands of a particular hacker."
The tool, known as Stealerium, caught Proofpoint's attention after it found the malware in tens of thousands of emails sent by two different hacking groups.
Devious blackmailers don't need to plumb the depths of the dark web to find it, either. It's based on an open-source malware that's readily and freely available on Github, the popular code repository, where its creator claims it's "for educational purposes." While it's been up since 2022, researchers at the firm say they've recently noticed a significant uptick in schemes delivering the Stealerium malware.
In their investigation, they found that the hackers trick their victims into installing the malware by disguising it as an innocuous attachment or link. Often, they impersonate organizations like charities and banks, with subject lines like "Donation Invoice" and "Payment Due."
Once it's installed, nothing's private. The malware can quickly infiltrate practically every corner of your computer, grabbing data like your browser's saved login credentials, cookies, banking and credit card data, crypto wallets, and your chats on platforms like Signal and Discord.
The real kicker, though, is its feature that can target porn data. It can detect whenever you open NSFW content on your browser, looking for keywords like "porn" and "sex," which are customizable by the hacker. When triggered, the tool takes a screenshot of your screen and snaps a photo with your webcam.
"It's gross," Larson told Wired. "I hate it."
Even more alarming is the ease with which it exfiltrates this data. Stealerium can automatically send everything to a Discord server or through a Telegram account. And hackers using the tool have also modified it to send the data as an archive file over emails, a functionality that wasn't available in the original version.
Many of the victims, Proofoint found, worked in the hospitality, education and finance. It hasn't found any victims of the porn-snooping sextortion hack being used, but that doesn't mean they aren't out there. Part of the advantage of sextortion schemes for hackers is that their victims tend to stay quiet. And this is where we're starting to see a shift in hacker's tactics, according to Proofpoint researchers: rather than going after high profile figures and companies, you keep the law off your back by making out with smaller sums ripped off from the little guys.
"For a hacker, it's not like you're taking down a multimillion-dollar company that is going to make waves and have a lot of follow-on impacts," Larson told Wired. "They're trying to monetize people one at a time. And maybe people who might be ashamed about reporting something like this."
https://futurism.com/automated-extortion-software-devious
