Hackers are able to capture video of people using porn websites

Malicious software is being used to automatically film people via their webcams while they watch pornography, security experts have discovered.

Hackers will then threaten to send the video to the users’ family if they don’t hand over money, often in the form of untraceable Bitcoin.

They will also threaten to send details of websites the user has visited and anything they may have typed into the computer, according to security firm Proofpoint. 

The malicious software, called ‘PsiXBot’, has to have been installed on a user’s computer for the hack to work. It can only be installed on computers running Microsoft Windows.

The software is often loaded on to a computer without the user knowing. It can be installed through a less reputable website or by downloading a video, music file or software that is carrying it. 

Using the threat of sending video of a person watching an adult website is known as ‘sextortion’ and has been around a long time. 

The addition of hackers being able to capture actual video is fairly recent. 

“PsiXBot has been around for several years but a new module has been added that allows hackers to capture video,” Proofpoint expert Werner Thalmeier told the German newspaper Bild.

Before the new PornModule was launched hackers would say there was video available of the user watching adult material but it rarely ever existed, says Mr Thalmeier.

“Now the threat is real and the program has already been distributed thousands of times,” says Mr Thalmeier. 

However, Paul Ducklin, computer security expert at Sophos says often hackers claiming to have your details are often bluffing. 

In almost all cases, this is a lie, says Mr Ducklin, who explained that extortionists will convince you they have hacked your computer and gained access to cameras by feeding you some private information about yourself. 

This can be passwords they have simply gathered from a data breach and leak. 

If it has been installed on a users machine the PsiXBot software sits in the background of a Windows computer waiting for a web browser page to open with a specific pornography related keyword in the title.

Hackers are able to monitor what is typed into a computer, capture footage from the webcam and upload the information to an ‘illegal server’, say experts. Stock image

When a user opens a page it is waiting for the software starts filming the user with the computer camera. 

It will then send the video, along with details of the websites visited to a ‘criminal server’ that can be used as part of a blackmail attempt.

Blackmailers will send an email containing a subject along the lines of ‘can publish everything’, ‘dirty video of you’, ‘I recorded you’ and ‘pervert’.

They will threaten to send the video, the websites the user visited and everything they typed into their computer to a list of email addresses, social media accounts and other contacts stolen from the user. 

‘This software is a semi-professional tool and much more dangerous than, say, attacks with manipulated e-mails, because the hidden program on the computer can hardly be found with a virus scanner,’ says Mr Thalmeier

Proofpoint recommends performing a full virus scan that could take hours depending on the size of the hard drive if a user gets one of these emails. 

HOW CAN YOU PROTECT YOUR INFORMATION ONLINE?

Because hackers are becoming more creative, security experts are warning that consumers need to take all possible measures to protect their identities (file photo)

1. Make your authentication process two-pronged whenever possible. You should choose this option on websites that offer it because when an identity-specific action is required on top of entering your password and username, it becomes significantly harder for fraudsters to access your information.
2. Secure your phone. Avoiding public Wifi and installing a screen lock are simple steps that can hinder hackers. Some fraudsters have begun to immediately discount secure phones altogether. Installing anti-malware can also be beneficial.
3. Subscribe to alerts. A number of institutions that provide financial services, credit card issuers included, offer customers the chance to be notified when they detect suspicious activity. Turn those notifications on to stay informed about credit card activity linked to your account.
4. Be careful when issuing transactions online. Again, some institutions offer notifications to help with this, which will alert you when your card is used online. It might also be helpful to institute limits on amounts that can be spent with your card online.