
Dangerous spambot records French victims’ screens while they are watching sexual content online, ESET uncovers

Created: 2019-08-08 13:00:00


BRATISLAVA – ESET researchers have uncovered malware-distributing spam campaigns targeting people in France. The malicious payload, named Varenyky by ESET researchers, comes with several dangerous functionalities. Not only can Varenyky be used to send spam, but it can also steal passwords and can spy on its victims’ screens when they watch sexual content online.

The first spike in ESET telemetry for this bot came in May 2019, and after further investigation ESET researchers were able to identify the specific malware used in the spam’s distribution. “We believe the spambot is under intense development as it has changed considerably since the first time we saw it. As always, we recommend that users be careful when opening attachments from unknown sources and ensure system and security software are all up to date,” says Alexis Dorais-Joncas, leading researcher at the ESET R&D center in Montreal.

To first infect their targets, the Varenyky operators use spam with a malicious fake invoice attachment, which lures the victim into performing a “human verification” of the document; once the victim does so, the malicious payload executes. Varenyky exclusively targets French-speaking users located in France. The quality of language used to fool the user is very good, hinting that the operators are fluent in French.

After infection, Varenyky executes the Tor software that enables anonymous communication with its Command & Control server. From that point forward, criminal activity goes into full swing. “It will start two threads: one that’s in charge of sending spam and another that can execute commands coming from its Command & Control server on the computer,” says Dorais-Joncas. “One of the most dangerous aspects is that it looks for specific keywords such as bitcoin and porn-related words in the applications running on the victim’s system. If any such words are found, Varenyky starts recording the computer’s screen and then uploads the recording to the C&C server,” he adds.

We have seen fake sextortion campaigns in the past, but this capability could very well lead to real sextortion campaigns. While at the beginning the Varenyky operators didn't leverage this approach, they have started to embrace it since the end of July. Furthermore, the cybercriminals are relying on bitcoin to monetize their wrongdoing.

“Another noteworthy functionality is that it is able to steal passwords through the deployment of an application that we label as potentially unsafe,” says Dorais-Joncas. Other commands allow the attacker to read text or take screenshots.

The spam emails sent by the bot take the victims to fake smartphone promotions, whose sole purpose is to phish for personal information and credit card details. A single bot can send as many as 1,500 emails per hour. Interestingly, the targets of all the spam runs we observed were all users of Orange S.A., a French internet service provider.

For more details on this research, read “Varenyky: spambot à la Française” on WeLiveSecurity.com and follow ESET research on Twitter. 


About Version 2 Limited

Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.


About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defences in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centres worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit https://www.eset.hk/ or follow us on Facebook.

Why choose ESET?

ESET has more than 25 years of experience in antivirus software development, letting us enjoy technology more safely. ESET software has low hardware requirements and shows no mercy to malware.

ESET technology

The award-winning technology of ESET NOD32® antivirus software has always been at the forefront of the digital security industry. The software is updated daily to keep users' data safe.

Free support

We provide industry-leading local after-sales technical support free of charge. For any questions or enquiries, please call (852) 2893 8186 during office hours.