For some, this is the ultimate nightmare: being caught watching porn by parents, children, or a partner. But in times when every laptop, every cell phone, and every tablet has at least one camera, there's an escalation of the whole thing: being caught watching porn by all internet users.
Surely, the affected person would do everything to prevent such a video from making its way onto YouTube and the link finding its way into the email inboxes of colleagues, friends, and acquaintances. Cybercriminals probably thought the same thing and devised a lucrative business model from this "idea."
Porn Add-On Chouhero for the PsiXbot Trojan
PsiXbot is the name of the malware – a malicious remote access Trojan that accomplishes this. The Trojan has been around for some time. It was originally used to remotely install malware on PCs but often remained inactive in the background. Many users are therefore probably not even aware that they had or still have this pest on their computer.
The insidious part now: PsiXbot was recently upgraded with a porn add-on (Chouhero). This porn add-on includes a dictionary with all relevant keywords. Whenever a user surfs to a porn site, the PC's webcam and microphone turn on. The webcam's indicator light is simply switched off. The user usually notices nothing. The recordings, along with the corresponding metadata (e.g., when and how long the porn was consumed on a specific site), then end up on the extortionists' servers.
Filmed watching porn by PsiXbot: All just a bluff?
In the past, it was a popular trick for cybercriminals to simply claim that they had filmed a user watching porn and masturbating. This, combined with the threat that they would simply send the video to the victim's entire address book or the entire email distribution list, was usually enough, and some "victims" reached for their wallets. Especially since the threat emails were occasionally enriched with data (old login data, for example) that originated from real hacker attacks. This made the bluff much more credible.
Note: You can check whether your login data and passwords have been stolen in a hacker attack – currently or in the past – via internet links such as https://haveibeenpwned.com/ or tools like the Identity Inspector. So whenever you are blackmailed and the extortionists use one of your (old) passwords to reinforce their demands, you can first check if and since when this data has been available to cybercriminals. In the event of a real theft of your data, you should change your passwords and logins as quickly as possible.
But back to the PsiXbot Trojan. Is the new trick with the porn add-on also just a bluff? Unfortunately, no. Even if the add-on certainly cannot successfully control every webcam and is not yet completely mature:
It can no longer be ruled out that such a video could be made and sent. For the police and IT experts, it is only a matter of time until the next large-scale extortion campaign with masturbation videos is launched.
Don't want to be blackmailed? Here's what you can do:
What should you do now? Below, we have summarized three short pieces of advice for you, just in case.
1. Scan your PC
PsiXbot hides quite skillfully on your PC. Invest the time and at least run a full scan with an antivirus program on your PC. Beforehand, apply all necessary updates, if you haven't already.
2. Never pay, secure evidence
As shown, an email from an extortionist is not yet proof that they actually filmed you. Based on their experience with numerous such cases, the police advise never to pay. Once you start, the demands for blackmail will increase – and it quickly gets around that they have found a willing victim. You will then be a much more popular target for further attacks. Instead, collect evidence and file a complaint.
3. Preventive protection
Of course, you can tape over your webcam. This protects you against video recordings from PsiXbot. But what about other threats that might do other things?
Therefore, for your own online safety, we recommend Cyber Shield. With it, you access all web content via a virtual sandbox and create a closed and completely secure environment for surfing the web. You can then do whatever you want in this sandbox. No malware in the world can penetrate this secured area to control your camera, record a video, or anything else.
