Webcam Blackmail: How Cybercriminals Breathe Life into Laptops

By on Jul 20, 2016

Stories of inanimate objects coming to life are familiar to us. Movies such as Toy Story show the idea’s cultural weight, and Greek mythology on humans being morphed into objects show its history. But in today’s day and age, technology can make fairy tales seem real. What if the laptop, that familiar tool we use for just about everything, came to life?

Sure, the laptop isn’t actually a sentient being, but a new cybersecurity threat makes it feel that way. The computer malware named “Delilah” allows criminals to tap into users’ most sensitive information and capture photos of their lives—through the victims’ own computers.

Here’s how it works: the first contact happens unknowingly on adult and gaming websites, where the threat is unknowingly downloaded through malicious pop-ups and other methods. From there, the malware scans the computer for sensitive information. It hunts for family details, knowledge about workplaces, and embarrassing secrets. Cybercriminals then view this data combined in a single place. Once they dig up enough dirt, they proceed to blackmail the victim. There’s no alchemy here: it’s malware that transforms computers into a Pandora’s box.

But this threat can make laptops truly appear to have a life of their own. That’s because Delilah can hijack webcams to record a person’s life—as if the machine were watching the user. The malware takes regular screenshots of a user’s laptop, documenting websites, emails, receipts, and user accounts.

Now, this all sounds like a gadget from a spy movie—that’s actually not far off the mark. The malware is meant for recruiting insiders within organizations or extorting influential people. That’s a high-grade, niche purpose. That said, the virus is only being passed around in tight-knit illegal groups. So it’s pretty unlikely you’d come face to face with this threat as an individual. Common crooks don’t have their hands on it, and most people aren’t likely to be targets.

At the same time, everyone should be aware of these methods. Knowledge is important and there are similar, less advanced cybercriminal tactics being leveraged out there.

Here’s what you can do to stay protected every day, when connecting to your devices:

  • Don’t download unfamiliar files. For malware to do damage, it has to be installed onto your computer first. Prevent the problem at the outset. Don’t click on suspicious pop-ups or unfamiliar links.
  • Watch out for strange computer behavior. Some threats are noticeable. In this case, the Delilah malware often crashes the victim’s laptop due to the massive amount of screenshots it takes. Error messages are also common when webcam hijacking is enabled. The next time your computer starts acting weird, see a professional to check for malware.
  • Be careful with private information. Minimize the digital trail you leave on your computer. Don’t record sensitive information on your device if you can avoid it, and periodically scan your devices as part of a data clean-up—think of it like a digital spring cleaning, that you can do all year round.
  • Cover your webcam when not in use. This tip doesn’t take much—just a piece of tape. But this simple action can be important because, other than the Delilah malware, there are many camera-hacking tactics out there cybercriminals are using. Stay safe and block out the peeping toms.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.

gary

 

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs