Today, personal communication is greatly enabled and enhanced by various messaging apps that provide text messaging, voice calls, photo sharing, and even video chat. These apps are often found in smartphones —devices that have all the features of a desktop computer, plus Wi-Fi, cellular, GPS, and data connectivity.
Cybercriminals have taken advantage of the convergence of the power of the smartphone and the features of chat apps to lure victims into compromising situations and blackmail them. Trend Micro’s latest paper, Sextortion in the Far East, talks about the latest developments concerning online blackmail.
Sextortion is a form of online blackmail involving persuading a victim into performing sexual acts that are secretly recorded. The attacker then forces the victim to give in to the attacker’s demands by threatening to release the previously recorded acts publicly.
Figure 1. Comparison of old sextortion scheme to the new one
Techniques as above have changed in the modus operandi, and cybercriminals are now asking for money as payment in lieu of sexual favors.
The Android data stealer’s primary purpose is to retrieve and send victims’ contact lists to the cybercriminals, allowing them to make more effective threats. Trend Micro’s investigation revealed the use of four Android data stealer families for sextortion with each of the four variants containing aggressive techniques. They were able to intercept and log the victims’ incoming text message and even prevent victims from receiving calls.
Sextortion in the Far East and Beyond
In-depth investigation on various sextortion scams led to developers in China tasked to create malicious apps and sites using Chinese and Korean. However, the incidents weren’t limited to these countries but extended to Japan as well. Sextortion cases have also been spotted in other parts of the world. There have been reports in Canada, the UK, and the US.