Mobile ‘sextortion' schemes on rise, Trend Micro reports

Sextortion rings convince victims to record themselves performing sexual acts and threaten to distribute the recordings to all their contacts unless they pay up, according to a report by Trend Micro.

Sextortion rings that dupe victims into recording themselves performing sexual acts and afterward demanding ransom or they will publicly distribute the recordings are on the rise according to a report by Trend Micro.

The report details how the masterminds behind the scam in Asian countries rope in victims and collect payments but also how they developed their software tools, according to evidence gathered in cases in South Korea and Japan.

+ More on Network World: What network technology is going to shake up your WAN? +

One gang extorted $29,204 from 22 victims before being caught. The male victims were convinced by criminals posing as women via chat to video themselves performing explicit acts, according to the report.

The victims were also persuaded that their mobile-device connection was having audio problems and to download an Android app that would purportedly fix it, but the app actually stole their contact lists. The criminals used four separate versions of the data-stealing app, indicating an ongoing effort to improve their illegal operation. "The malware were classified according to package name. Differences in code and functionality were seen from variant to variant, which suggests ongoing malware development," the report says.

Investigators found evidence in a criminal's email account of receiving payment from at least five victims between Sept. 29 and Oct. 7, 2013. The emails also showed that accounts under two names were set up at three banks and all the account correspondence was sent to the same email address, zhuninhaoyun13 @ 163 . com.

The criminals carried out their scheme in campaigns that lasted a few weeks at a time, then set up in new accounts, the report says.

Code for the app that stole the contacts was found in a Google Code repository owned by a Chen Weibin, who worked on other projects including applications and Web sites for Android games, escort services and tax preparation, the report says.

Trend Micro says its investigation led them to believe the malware was written by a group of developers who live in Yanbian Korean Autonomous Prefecture, an area of China where Chinese and Korean are spoken.

"The sextortion schemes we uncovered are complex operations that involve people across cultures and nations working together to effectively run a very lucrative business," the report says. "These once again prove that cybercriminals are not just becoming more technologically advanced-- creating stealthier mobile data stealers, using complex stolen data drop zone infrastructures, and outsmarting banks to better evade detection--they are also improving their social engineering tactics, specifically targeting those who would be most vulnerable because of their culture."

Join the CSO newsletter!

Error: Please check your email address.

Tags trend microsecurity

More about GoogleTrend Micro

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts