The scammer’s claims are likely untrue, but a new sextortion campaign combines spyware claims with sharing images of victims’ homes.
Multiple researchers have observed a new sextortion scheme in which the scammers claim to have installed the Israeli-made Pegasus spyware on a victim’s personal devices.
Multiple victims have shared emails from the scammers with both security expert Brian Krebs and 404 Media, but as both noted, there appears to be no actual evidence behind the scammers’ threats.
The emails contain the victim’s personal information – full name, phone number, and address – and an attached PDF that outlines the apparent threat, which includes a photo of that person’s home or other address.
The image appears to be taken from Google Maps, while the personal details are very likely sourced from a previous data leak, with the scammer combining the data with Google Maps in an attempt to make the threat appear credible.
“I suggest you read this message carefully. Take a moment to chill, breathe, and analyse it thoroughly,” the PDF said.
“We’re talking about something serious here, and I don’t play games. You don’t know anything about me but I know ALOT about you and right now, you are wondering how, right?”
The message goes on to say that the scammer has installed the Pegasus spyware on the victim’s devices and is aware of them watching “filthy videos and venturing into the darker corners of cyber space”, but the message itself is confused about just what has been hacked.
“I actually installed a Spyware called ‘Pegasus’ on a app [sic] you frequently use,” the scammer said.
“Pegasus is a spyware that is designed to be covertly and remotely installed on mobile phones running iOS and Android. And when you got busy watching our videos, your system started functioning as a RDP (Remote Control) which provided me total control over your device. I can peep at everything on your screen, switch on your camera and mic, and you wouldn’t even suspect a thing. Oh, and I’ve got access to all your emails, contacts, and social media accounts too.”
The scammer goes on to say that they also have videos of the victims “doing embarrassing things in your room”.
The scammer then demands a ransom of almost US$2,000 in bitcoin, payable by scanning a QR code included in the PDF.
Despite claiming to have intimate details of the victim’s browsing and other habits, the message does not name any websites or include any images from the supposedly recorded videos of the victim.
While the claims in the sextortion message are very likely fake, the scam campaign itself is, as 404 Media said, a highly sophisticated operation, leveraging easily accessed data from multiple sources – both legal and illegal – to create a credible threat.
If you’re concerned about your or someone else’s safety, dial 000 or contact your local police station immediately.
The AFP-led ThinkUKnow program has developed a resource to help the community identify sextortion and find out how to get help. The online blackmail and sexual extortion response kit, aimed at young people aged 13-17, is available from the ThinkUKnow and ACCCE websites.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.