Strike a Pose: Blackshades Malware Spies Through Your Webcam

By on May 23, 2014

In the old days, one simply had to draw their blinds to avoid peeping toms from spying on their private business. Now, it seems that even with the shades drawn, one must also shutter their webcam. Earlier this week, the FBI initiated a crackdown leading to the arrest of nearly 100 users of a program called Blackshades malware. This program allows hackers to remotely access the computers of their victims, enabling them to steal files, log passwords, and even turn on microphones and webcams unnoticed. What’s more? This spying software could be purchased online for as little as $40 U.S.D.

Blackshades malware is referred to as a remote access tool (RAT), meaning it allows the hacker to gain full access to your machine as if he were sitting right in front of it. The technology behind this threat is similar to that used by the IT department at your office. When Joe IT Guy needs to access your work computer to install updates, fix an issue with your settings, or remotely control your machine for a variety of other reasons, he can—with advanced warning and mutual understanding that he has the right to do so. Perpetrators of Blackshades malware aren’t quite as courteous.

Prior to the FBI crackdown this week, anyone with an Internet connection could purchase the Blackshades software, and they didn’t need to be a skilled hacker to use it, either. As security blogger Brian Krebs put it, “Blackshades was a tool created and marketed principally for buyers who wouldn’t know how to hack their way out of a paper bag.” The ease of use (and ease of purchase) associated with Blackshades malware illustrates the “hacking as a service” phenomenon, where anyone with the financial means necessary can become a cybercriminal. The software even came with tools known as “spreaders” which helped these novice cybercriminals distribute malicious links via social media, in an effort to infect more computers. As with most other malware attacks, Blackshades relies on you visiting an infected website or downloading an infected file in order to install a hacker’s malicious software on your computer.

The prepackaged malware also came with tools to help cybercriminals extract money from their victims, otherwise known as ransomware. Ransomware works by allowing the hacker to lock or encrypt files (sometimes even locking you out of your device completely), and then demand money in exchange for allowing you to regain access.

Blackshades malware is a multidimensional, robust software program with a relatively puny price tag. And just because the FBI has cracked down on its users, doesn’t mean it’s disappeared from the Web completely. In fact, this strain of malware has been around for years. Here are some steps you can take to protect yourself from virtual peeping toms:

  • Do not click on links from unknown senders. Whether a link is sent to you via email, Twitter, Facebook, or instant messaging—think twice before you click. Does the content look at all suspicious? Do you know the sender? Do you recognize the website the URL is pointing to? These are all questions you should ask yourself before you click, as cybercriminals rely on your inherent trust in your network to install malicious programs such as Blackshades on your devices.
  • Use web protection when surfing online. McAfee® SiteAdvisor® is a free tool (included with McAfee LiveSafe™ service), that gives you a warning message if you click on a bad link, but before you’re sent to that site. It also provides color-coded ratings on the safety of your browser’s search results and external links found in your Facebook, Google+ and LinkedIn newsfeeds when viewing from your PC or Mac.
  • Avoid attachments from unknown senders. Compromised links and email attachments are the leading tactics used by cybercriminals to infect your devices with malware. Unless you recognize the sender’s email address, do not download attachments to your machine.
  • Download apps, music, and movies from official sources. Whether on your home computer or mobile device, stick to trusted sources for all of your media needs. Downloading “free” movies and music from a third-party source may sound appealing in theory, but cybercriminals know your weakness and they aim to exploit it by labeling their malicious programs with appealing titles and price tags.
  • Install comprehensive security. Comprehensive security, like McAfee LiveSafe can protect you from phishing attacks and malicious websites as well as protecting your data, identity and devices from malicious software on your PCs, Macs, smartphones and tablets.

Don’t let roving eyes wander into your home through a webcam.

Gary Davis

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs