Mobile ‘sextortion’ schemes on rise, Trend Micro reports

Victims pay up or their sex videos get sent to their contact lists

Sextortion rings that dupe victims into recording themselves performing sexual acts and afterward demanding ransom or they will publicly distribute the recordings are on the rise according to a report by Trend Micro.

The report details how the masterminds behind the scam in Asian countries rope in victims and collect payments but also how they developed their software tools, according to evidence gathered in cases in South Korea and Japan.

+ More on Network World: What network technology is going to shake up your WAN? +

One gang extorted $29,204 from 22 victims before being caught. The male victims were convinced by criminals posing as women via chat to video themselves performing explicit acts, according to the report.

The victims were also persuaded that their mobile-device connection was having audio problems and to download an Android app that would purportedly fix it, but the app actually stole their contact lists. The criminals used four separate versions of the data-stealing app, indicating an ongoing effort to improve their illegal operation. “The malware were classified according to package name. Differences in code and functionality were seen from variant to variant, which suggests ongoing malware development,” the report says.

Investigators found evidence in a criminal’s email account of receiving payment from at least five victims between Sept. 29 and Oct. 7, 2013. The emails also showed that accounts under two names were set up at three banks and all the account correspondence was sent to the same email address, zhuninhaoyun13 @ 163 . com.

The criminals carried out their scheme in campaigns that lasted a few weeks at a time, then set up in new accounts, the report says.

Code for the app that stole the contacts was found in a Google Code repository owned by a Chen Weibin, who worked on other projects including applications and Web sites for Android games, escort services and tax preparation, the report says.

Trend Micro says its investigation led them to believe the malware was written by a group of developers who live in Yanbian Korean Autonomous Prefecture, an area of China where Chinese and Korean are spoken.

“The sextortion schemes we uncovered are complex operations that involve people across cultures and nations working together to effectively run a very lucrative business,” the report says. “These once again prove that cybercriminals are not just becoming more technologically advanced— creating stealthier mobile data stealers, using complex stolen data drop zone infrastructures, and outsmarting banks to better evade detection—they are also improving their social engineering tactics, specifically targeting those who would be most vulnerable because of their culture.”

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.