Ransomware is nothing new, but according to a new report from security researchers Trend Micro, cyber criminals in Asia are using a hybrid form of malicious tactics that utilizes ransomware and catfishing to lure victims into private chat rooms, convincing them to conduct explicit and sexual acts on camera and then extorting those users for upwards of $1,000 each at the highest amount. It’s a method of cyber attacks that has garnered the term “sextortion” due to the nature of how cyber criminals are able to steal money from mobile users, but there’s more involved than just luring people into private chat rooms and convincing them to do things on camera so they can record those activities.
According to Trend Micro, it starts with criminals posing as attractive females on Facebook and other social media sites by creating an entire fake profile, otherwise known as catfishing, and then convincing men to enter into a private video chat. The report mentions that various chat apps have been used but most commonly Skype is the app of choice because it has the capability for voice calls, images, texts, and video chats all wrapped into one. Once the chat takes place, the victims are convinced by the attackers that there is a problem with the audio and that they need to install an android app to fix it. This is where the ransomware comes into play, as the installed application allows the attackers to gain access to the mobile user’s personal contact list and other information, which they then use to extort money in exchange for keeping the recorded video sessions private.
Failure to pay up results in a threat of sending the content to the entire contact list and/or uploading the video to YouTube, exposing these individuals for doing something that could be potentially damaging to their reputation. The report states that some gangs of cyber criminals were able to obtain as much as $29,200 in one month, which displays that this method of cyber crime is lucrative and could cause it to become more mainstream. Although there is no report of these types of problems being introduced in the U.S. on a widespread scale, if it’s possible for cyber criminals to make quick cash overseas in large amounts over a short period of time, the issue could easily spread to other regions. It also serves as a good reminder that engaging in these types of activities will likely not result in a good ending. Even further, it’s a great reminder not to install random Android applications you have no way of validating as non-threatening.