Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Illegal Porn. Show all posts
Malware Campaign
Banking Cyber Scammers Cybersecurity Discord Illegal Porn malware Malware Campaign

Malware Campaign: Porn Viewers Should Hide Webcams

 

Any users who visit porn sites should be extra careful now. Porn viewers should hide their cameras. If users do not hide their webcams, they risk unpleasant recordings and extortion. Porn viewers should hide their webcams. 

According to a new blog post by security experts at Proofpoint, a new malware type is currently going viral. It is classified as an infostealer that reads various data and sends it in text form. However, there’s more to it. Another component of the new malware campaign specifically hacks the privacy of those impacted. 

Now, porn viewers should immediately protect their cameras. According to the report, the malicious software would immediately detect when someone opens an adult website on compromised browsers.  

Attack tactic 


The malware scans the page for keywords like “sex” or “porn”. In such incidents, it promptly captures a screenshot of the desktop and accesses the webcam to click an image of the person in front of it. 

These screen captures (sometimes nudes) are later used for extortion. Thus, it becomes crucial for porn viewers to at least cover their webcams to protect themselves from unsolicited recordings, from apps like Omegle. This is not the first time porn viewers have been targeted by scammers.  

While malware taking pictures is not a new tactic, it is still comparatively rare. Porn viewers should secure their cameras as much as possible. 

Potential for extensive data theft 


Researchers from Proofpoint explained that there can be extensive data theft, and the information can be disseminated through different platforms. The stolen data comprises: bank details, session cookies, session data, logins, email, access info, and system information keystrokes. The distribution takes place via platforms such as Telegram, SMTP, Discord, or file hosts. 

Phishing emails for malware 


The current malware is based on the open-source malware Stealerium; it is publicly accessible and has been active since 2022. Hackers can easily download and adjust it for their needs. 

Recently, there has been a surge in attacks despite the malware age. From May to August 2025, there was a spike in malware campaigns. The key distribution method of malware was phishing emails concerning legal or banking issues. Impacted users should be careful with messages from unknown senders and recognize phishing emails.  Even a single click could be hazardous.
Read more »
Zero Day exploit
FBI Featured Firefox Hacks Illegal Porn TOR Zero Day exploit

Almost Half of Tor sites compromised by FBI [Exclusive details]

As many of you might know the US has been pushing for the extradition of Eric Eoin Marques who an FBI agent has called as "the largest facilitator of child porn on the planet."

 But most of you might not know that he is also the owner of "freedom hosting" the largest hosting provider for .onion sites within the TOR network . This means that all the sites hosted by "freedom hosting" are at the hands of the FBI. As you can see from the above linked article freedom hosting has been accused of hosting child pornography for a very long time.

 I also have a fair idea on how the FBI did the "impossible", tracing a person who is using Tor.And they further might have found details on all the people visiting sites hosted by freedom hosting. First have a look at what a person posted on pastebin on Aug 3rd http://pastebin.com/pmGEj9bV he says he found this code in the main page of "freedom host" this further links to this exploit http://pastebin.mozilla.org/2776374 .





This is my analysis of the exploit ( I have not looked into it deeply as I am busy with my exams)
1. It is a 0 day for the Firefox version that comes as default with the "TOR Browser Bundle"
2. The code says "version >=17 && version <18" checks if the browser is the right version that the exploit works on .

It also has an another check
var i = navigator.userAgent.indexOf("Windows NT");
        if (i != -1)
                return true;
        return false;




3.It also manages to gather the Real IP of the user and possibly execute a malicious payload that might give the attacker full access to the system.
4. This exploits works because the people at TOR project had made it such that Javascript is loaded by the built in browser by default (this was not the case before and people who had their "no script" plugin with proper setting "disallowed" are safe)
5.Please note that is NOT a zero day for the TOR network but rather an exploit for the Firefox version that most TOR users are running.

Tor's official reply: https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting


Though the action's done by the FBI to take down child pornography in the TOR network is appreciated by all of us, many of the legitimate sites hosted by freedom hosting are also down .They should make sure that what they do does not kill the freedom and anonymity that the TOR network stands for.


Edit 1: Here are a few other deeper analysis I found --> http://pastebin.mozilla.org/2777139 , http://tsyrklevich.net/tbb_payload.txt

PS: If you have anything more that you would like to be added to this article or any corrections you can contact me on Twitter https://twitter.com/SuriyaMe 
Read more »
Subscribe to: Posts (Atom)