Author Topic: Sextortion Emails now Leading to Ransomware and Info-Stealing Trojans  (Read 268 times)

Online javajolt

Sextortion email scams have been a very successful way of generating money for criminals. A new sextortion campaign is now taking it to the next level by tricking recipients into installing the Azorult information-stealing Trojan, which then downloads and installs the GandCrab ransomware.

A sextortion scam is when you receive an email that states someone hacked your computer and has been creating videos of you while you are using adult websites. These emails may also contain passwords of yours that were leaked during data breaches in order to make the scams look more legitimate.

The emails then tell you to send them bitcoins or they will share the videos they made with all of your contacts. It should be clear that these are scams; your computer was not hacked and there are no videos of you.

Researchers at Proofpoint have spotted a new campaign in which the emails, instead of containing a bitcoin address to send a blackmail payment to, prompt you to download a video they made of you doing certain "activities". The downloaded zip file, though, contains an executable that will install malware onto the computer.

"However, this week Proofpoint researchers observed a sextortion campaign that also included URLs linking to AZORult stealer that ultimately led to infection with GandCrab ransomware," stated Proofpoint's research.


The downloaded files will be named similar to Foto_Client89661_01.zip, and the full text of the sextortion scam email is below.

Quote
Hello!

I have very bad news for you.
09/08/2018 - On this day, I got access to your OS and gained complete control over your system. **@gmail.com
On this day your account **@gmail.com has password: XXXX

How I made it:

In the software of the router, through which you went online, was avulnerability.
I just got into the router and got root rights and put my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the nromal course!

And i got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

As proof of my words, I made a video presentation in Power Point.
And laid out in a private cloud, look You can copy the link below and paste it into the browser.

http://google.com/url?Q=[url here]

I'm know that you would like to show these screenshots to your friends, relatives or colleagues.
I think #381 is a very, very small amount for my silence.
Besides, I have been spying on your for so long, having spect a lot of time!

This new tactic is even more dangerous, as recipients may be scared enough to want to confirm if a video exists. They then download the file, try to open the zipped file and find themselves infected with two different types of malware.

The first infection, Azorult, will be used to steal information from your computer such as account logins, cookies, files, chat history, and more. Then it installs the GandCrab Ransomware, which will encrypt your computer's data.

So while previously the email was just a scam trying to scare you, you now have a serious problem on your hands.

Therefore, it is important to not trust anything you receive from a stranger via email. Instead, do some searches on the Internet to see if others have encountered emails like this and you will quickly see that this is just a scam that should be deleted.
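
A mail-triage check for the indicators described above, added here as an example and not part of the original post or of Proofpoint's research: it unwraps `google.com/url?Q=` links like the one in the quoted email and inspects a downloaded zip for executables. The filename pattern (generalised from the single name `Foto_Client89661_01.zip`), the extension list, the case-insensitive handling of the `Q` parameter and the sample inputs are assumptions.

```python
import io
import re
import zipfile
from urllib.parse import parse_qs, urlparse

# Assumption: pattern generalised from the one name on the page (Foto_Client89661_01.zip).
LURE_NAME = re.compile(r"^Foto_Client\d+_\d+\.zip$", re.IGNORECASE)
# Assumption: extensions treated as directly runnable on Windows (not exhaustive).
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".js", ".vbs", ".bat", ".cmd")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def redirect_targets(body):
    """Return the destinations wrapped in google.com/url?Q=... links in a mail body."""
    targets = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        if parsed.hostname in ("google.com", "www.google.com") and parsed.path == "/url":
            # The sample email uses "Q"; accept either case of the parameter name.
            params = {k.lower(): v for k, v in parse_qs(parsed.query).items()}
            targets.extend(params.get("q", []))
    return targets


def triage_zip(filename, data):
    """Return the reasons a downloaded archive resembles this campaign's lure."""
    reasons = []
    if LURE_NAME.match(filename):
        reasons.append("name matches lure pattern")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():  # names only; nothing is extracted
                if member.lower().endswith(EXEC_EXT):
                    reasons.append(f"contains executable: {member}")
    except zipfile.BadZipFile:
        reasons.append("not a readable zip archive")
    return reasons


def build_sample_zip(member_name):
    """Constructed input: an in-memory zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"placeholder bytes, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_zip("Foto_Client89661_01.zip", build_sample_zip("Foto_Client89661_01.exe")))
```

An empty list from `triage_zip` only means these two indicators were absent, not that the file is safe.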