Cocky Scam: Malware PsiXbot Films Users Watching Porn

For some, this is their worst nightmare becoming reality: getting caught by their parents, children or partner watching porn. But in times when every laptop, cell phone and tablet has at least one camera, this situation is becoming a common occurrence: users get caught watching porn online.

Of course, the person concerned would do everything possible to ensure that the video evidence does not find its way onto YouTube and the link to it does not find its way into the email inboxes of colleagues, friends and acquaintances. This is probably what cyber criminals thought, too, when they devised a lucrative business model from this “idea”.

Porn Add-On Chouhero for PsiXbot Trojan

von PsiXbot beim Pornoschauen erwischt

PsiXbot is the name of the malware – a malicious remote access Trojan that does this. The Trojan has been around for quite some time. It was originally used to run malware on Windows PCs remotely, but often remained in the background. Many users are therefore probably not even aware that they had or still have this malware on their computer.

The perfidious reality: recently PsiXbot malware was upgraded with a new porn add-on (Chouhero). This porn add-on contains a dictionary with all the relevant keywords. Whenever a user surfs a porn site, the webcam and microphone of the computer are activated with the control light of the webcam simply switched off. As a rule, the user doesn’t notice anything. The recordings then end up on the blackmailers’ servers together with the corresponding metadata (e.g. when and for how long the porn on a particular page had been viewed).

Filmed by PsiXbot while watching porn: are they just bluffing?

Even in the past, cybercriminals have been known to claim that a user was filmed watching porn and masturbating. This, combined with the threat that the video would be sent to the entire address book of the person concerned or the entire email distribution list, was usually enough to get some ” victims” to reach for their wallets. Especially since the threatening emails were sometimes enriched with data (old login information, for example) that originated from real hacker attacks. That way the bluff was much more credible.

Note: using links on the Internet such as https://haveibeenpwned.com/ or tools such as the Identity Inspector, you can check whether your login data and passwords have been stolen in a hacker attack. So whenever you are being blackmailed and the blackmailers use one of your (old) passwords to enforce their demands, you can first check whether and since when this data has been available to the cybercriminals. In case of a real theft of your information, you should change your passwords and logins as soon as possible.

But back to the PsiXbot Trojan and how it jeopardizes your security on Windows. Is the new scam with the porn add-on also just a bluff? Unfortunately not. Even though the add-on can’t successfully control every webcam and is not yet fully developed, you can no longer rule out the possibility that such a video could be made and sent. For the police as well as IT experts, it is only a matter of time before the next large-scale blackmailing campaign with masturbation videos is launched.

No desire for being blackmailed? Here’s what you can do:

What should you do now? Below are three short pieces of advice for you just in case.

1. Scan your PC

PsiXbot hides itself in a very clever way on your PC. Invest your time and run at least one virus scanner completely on your PC. Download all the necessary updates beforehand, if not already done.

2. Never pay, secure the evidence

As we have already mentioned, an email from the blackmailer is no proof that he actually filmed you. Based on their experience with numerous similar cases, the police advise against paying. Once you have started, the blackmail demands will increase – and word quickly gets around that they have found in you an extortion victim willing to pay. You are then a much more popular target for further attacks. Instead, collect some evidence and file a complaint.

3. Preventive steps

Kein Filmen beim Porno-Konsum durch

With Cyber Shield you create a safe area and no malware in the world will be able to access your camera. That’s way better than taping your camera and hiding your face.

Of course you can still tape your webcam. This way you protect yourself against image capture by PsiXbot. But what about other threats that might do other things?

That’s why we recommend Cyber Shield for your safety and security on the Web. It allows you to access all Web content through a virtual sandbox, creating a closed and completely secure environment for browsing. With this sandbox you can do whatever you want. No malware in the world can penetrate this secure area to control your camera, record a video or do anything else.