
Stealerium Malware Adds Automated Sextortion via Webcam


Background

Proofpoint first encountered Stealerium in large volumes of phishing email traffic, where malicious attachments or links were used to lure victims into installing the program. The campaigns targeted users in hospitality, education and finance, though the researchers noted that individual users outside corporate environments were also likely affected.

Malware Capabilities

Stealerium retains the standard infostealer functions: it collects usernames, passwords, banking credentials and cryptocurrency wallet keys, then exfiltrates the data via services such as Telegram, Discord or SMTP. The distinctive addition is an automated sextortion module. The malware monitors the victim’s web browser for URLs containing pornography‑related terms. When a match is found, it simultaneously captures a screenshot of the browser tab and a photo from the victim’s webcam, forwarding both images to the attacker. This enables criminals to potentially blackmail victims with evidence of them viewing adult content.

Distribution and Attribution

The tool is distributed as a free, open‑source package on GitHub, making it readily accessible to low‑skill threat actors. The developer’s GitHub profile claims a location in London and explicitly disclaims responsibility for any illegal use. Proofpoint’s researchers noted that the sextortion feature appears customisable, allowing attackers to define the list of trigger keywords.

Impact and Industry Response

While Proofpoint has not identified specific victims of the sextortion function, the presence of the feature suggests it has likely been employed in ongoing campaigns. The addition of automated webcam capture marks a departure from traditional, manually‑executed sextortion scams and reflects a broader trend of cybercriminals focusing on individual extortion rather than large‑scale ransomware attacks. Security firms advise users to be cautious of unsolicited email attachments or links and to maintain up‑to‑date anti‑malware defenses.
