Trend Micro is warning that mobile ‘sextortion’ is on the rise – and New Zealand is not immune.
The security company has just released a report, Sextortion in the Far East, and while the report focuses on East Asia, Zak Khan, Trend Micro ANZ director of custom cyber defence, says the pernicious form of blackmail – which Trend Micro acknowledges has been around almost as long as the technology that makes it possible – ‘knows no boundaries’.
While specifics of sextortion vary, in general cybercriminals were found to be posing as attractive women, intitiating conversations with male victims on chat platforms. The victim is convinced to move their chat to a platform with video capability – such as Skype and tricked into performing sexual favours online, with the cybercriminal then blackmailing the victim by threatening to expose the explicit recorded videos, pictures and chat conversations.
“Because this triggers instant shock and shame, the victim is often left with no choice but to pay the hefty sum,” Trend Micro says.
Where once the goal was sexual in nature, Trend Micro says in 2012, cybercriminals began to monetize it, and sextortion has now moved into being a lucrative money-making scheme.
One gang stole at least US$29,000 from 22 victims before being caught.
The report details improved modus operandi, using very aggressive information-stealing Android apps to gather information from victims. Cybercriminals pretend to have audio issues, convincing victims to download and install an Android app to fix the problem. Malware disguised as an app steals and send contact information on the mobile device to the cybercriminals.
Trend Micro researchers found that unlike many data stealers, the malware these cybercriminals use are persistent and exhibit various intrusive behaviours including retrieving and sending a victim’s entire contact list and account IDs; sending, deleting and intercepting messages and making, intercepting and terminating calls.
The malware can also record audio and get a detailed location of the device.
“Although our research expounds cases in East Asia, users worldwide should still take this threat seriously,” Khan says.
“There have been similar sextortion cases reported in Canada, the United Kingdom and the United States.”
Khan says in 2014, suspected members of a sextortion syndicate that targeted users in Australia and New Zealand, Hong Kong, the United Kingdom and the US were arrested in an Interpol-coordinated police operation.
“Developments in sextortion tools and tactics, such as the involvement of mobile malware, prove that this threat is also a lucrative business for cybercriminals,” Khan says.
He says New Zealanders should remember to practice safe computing habits and consider installing security solutions on devices.