Extortion phishers harvest guilty coin bonanza

A new twist on a simple, emailed extortion campaign looks to have netted criminals around $250,000 from panicked users tricked into believing recordings from their webcams will be sent out to their contacts unless they pay.

In a cunning application of fear driven fleecing, users fooled into believing they've been hacked are handing over ransoms based on what could be a clever guess at their passwords.

Pseudonymous security researcher Krypt3ia has been tracking the Bitcoin wallets used by the extortionists, and found that they contain around US$185,500 in total.

He observed the attackers send out emails to victims, quoting their passwords and claiming they have installed malware on their computers.

Sample extortion emails published by Krypt3ia say the attacker purports to have booby-trapped videos from adult websites that the victim visited.

As part of the ruse victims are told malware they unknowingly installed has used the web browser on the victim's computer as a remote desktop with a keystroke logger which provides access to their system display and webcam.

To close the scam, the attacker says the malware has exfiltrated all the contacts on the computer, and has created a double-display video of the screen and the webcam, showing the victim "doing inappropriate things" while watching adult content.

Several users have been convinced that their computers are hacked and recordings of themselves will be sent out to their contacts, unless they pay US$2900-US$3200 in Bitcoin in ransom, in which case the attacker says the videos will be deleted.

Krypt3ia believes the passwords used by the attackers are from the large LinkedIn data breach, with corporate email accounts being targeted.

The attackers use Microsoft email services to relay the extortion emails, using randomly generated return addresses that don't exist, Krypt3ia said.

At this stage, it is not known who is behind the extortion campaign, but Krypt3ia said being aware of the blackmail messages and deleting them - or alerting the IT security - is the best way to deal with them.

In November last year, Krypt3ia got hold of a large amount of incriminating emails from Paul Manafort who worked on the campaign that saw Donald Trump being elected as the president of the United States.

A hack of Manafort's daughter's mobile phone was believed to be the source of the messages.

Manafort has surrendered himself to the Federal Bureau of Investigation, and will stand trial for bank fraud and tax charges later this month.