Presumed Bitcoin scam Black Mirror style attacks users of pornographic sites

In a much discussed chapter of the series Black Mirror called Shut up and dance (Shut up and Dance), a teenager is recorded by a hacker while watching pornography, and both he and other victims must perform a series of illegal tasks (such as stealing and killing ) so that the pirate who has his video does not make it public.

Well, this is happening now in real life. In the cryptographic space a new scam has emerged that is aimed at viewers of adult content, through the alleged activation of web cameras remotely while users see pornography; After this, the criminal blackmails the users with the images obtained in exchange for bitcoins.

This situation is the reality for a series of people who in recent days have suffered this attack. Essentially, the malware allows a user to remotely control a webcam and film the user while visiting these adult pages. Then, after obtaining the video, the attacker sends an email informing the victim that the content of the recording can be sent to all his contacts unless the user pays the amount of USD $ 1,900 in bitcoins.

This has been a standard method of blackmailers for years, and is called, in this case, "cryptoblackmail" ("cryptographic blackmail"). This scam in particular starts by revealing the user's password, which was allegedly obtained through a data breach, in order for the recipient to know that it is authentic. They then report that the user's computer has been hacked by an RDP (Remote Desktop Program) that allowed them to make the video without the user noticing, after which they request the USD $ 1,900 in cryptocurrencies to be sent to a specified address within a lapse of 24 hours, on pain of disclosure of the content.

However, the message remains vague and does not mention names of specific pornographic sites, nor does it show any sample of the recording. The victim can request evidence from the victimizer by sending the recording by email to 9 recipients, instead of to all contacts; however, the vagueness of the message could mean that the scam is false and that the recording does not really exist.

Professor Emin Gün Sirer of Cornell University has spoken on the subject and advises anyone who has received such emails not to pay or try to negotiate with the scammers. Due to the scant details provided in the email, he believes that there has been a general posting to everyone on the haveibeenpwned list, an online service that allows users to check if their email has been compromised by hackers.