Sextortion—enticing victims to send naked or sexually suggestive pictures of themselves, which are then used to blackmail them for money or sexual favors—is not a new digital phenomenon. But the methods of accomplishing it are evolving. A new Android app has been developed expressly for use by sextortionist-minded hackers.
Trend Micro has found four malicious apps, which criminals can use to siphon their victims’ online passwords and contacts in order to give them more leverage with victims. They can also record conversations and intercept messages.
Researchers told the New York Times that the gambit involves soliciting victims through a number of online chatting tools like Skype, and enticing them to perform cyber-sex acts, which the criminals record. Then, they pretend to have audio or messaging problems, and ask the target to download an app to help “solve the problem.”
Of course, the problems are only beginning at that point.
Trend Micro was able to trace several of the Android app developers and their money links (temporary banking accounts are the method du jour) back to China—and victims for now are predominately located in China and Korea.
“The sextortion schemes we uncovered are complex operations that involve people across cultures and nations working together to effectively run a very lucrative business,” the researchers said. "Mobile sextortion is prominent in South Korea though a case was also seen in Japan.”
They added, "In-depth investigation on various sextortion scams led us to developers in China tasked to create malicious apps and sites using Chinese and Korean."
The researchers also discovered other crime-based apps, hiding as other things. A full 26 of them included the keywords "voice support" and "security authentication.” There were also fake apps masquerading as private messaging apps, such as Just the Two of Us and Single Talk, as well as photo apps like My Photo Box 2.0 Beta and Gallery 2.0 Beta.
"These once again prove that cyber-criminals are not just becoming more technologically advanced—creating stealthier mobile data stealers, using complex stolen data drop zone infrastructures, and outsmarting banks to better evade detection—they are also improving their social engineering tactics, specifically targeting those who would be most vulnerable because of their culture,” Trend Micro concluded.