A new open-source porn malware, Stealerium is automating sextortion campaigns by capturing victims’ browser screenshots and webcam photos when visiting pornographic sites, according to Proofpoint.
Cybercriminals have redirected their attention toward individuals for personal extortion instead of corporations, exploiting victim shame to avoid law enforcement scrutiny, as individual devices lack advanced malware protection.
Available on GitHub, the malware monitors Chrome browsers for keywords like “porn” to activate its surveillance features and exfiltrates stolen data via Telegram or Discord.
Cybercriminal tactics are changing from large-scale advanced malware protection campaigns to more personal attacks where hackers focus on low-profile extortion schemes that may be less prone to legal scrutiny.
Porn Cyber Extortion vs Ransomware
Researchers at security firm Proofpoint revealed that Stealerium, an open-source infostealer circulating since May, combines conventional data theft—such as banking logins and crypto wallet keys—with a new sextortion feature. When a user browses pornography, the info stealing malware takes simultaneous screenshots of the browser and photos from the victim’s webcam.
“When it comes to infostealers, they typically are looking for whatever they can grab,” said Selena Larson, a Proofpoint researcher. “This adds another layer of privacy invasion and sensitive information that you definitely wouldn’t want in the hands of a particular hacker.”
Emails distributing Stealerium have been traced to campaigns targeting industries including hospitality, education, and finance.And while the porn malware is available on GitHub, its developer disclaims responsibility.
“How you use this program is your responsibility … I will not be held accountable for any illegal activities. Nor do I give a shit how u use it.”
Proofpoint’s analysis suggests the pivot to sextortion is a new, as the perpetrators are “trying to monetize people one at a time,” Larson explained, contrasting it with ransomware operations that seek multimillion-dollar corporate payouts.
Infostealer Malware Threatens Chrome’s Security by Bypassing Defenses
Beyond its sextortion capabilities, Stealerium functions like other infostealers: it harvests sensitive data and exfiltrates it via services such as Telegram, Discord, or SMTP. What alarms researchers is its ability to monitor Chrome browsers, exploiting keyword triggers such as “porn” or “sex” to activate the surveillance feature.
Proofpoint notes no confirmed victims yet, but the automation signals a potential new wave of cybercrime.
“Actual, automated webcam pics of users browsing porn is pretty much unheard of,” said Kyle Cucci, another Proofpoint researcher, citing only one similar campaign detected in 2019 by ESET.
Security experts warn that these kinds of innovations illustrate how infostealer porn malware is bypassing traditional defenses. Unlike ransomware, which will inevitably encrypt business information, these programs deceptively transgress individual confidentiality and will sometimes have reduced visibility or greater anonymity, especially when afflicted individuals feel too humiliated to report the crime.
With cyber thugs becoming experts in porn malware like Stealerium, the line between yesterday-school data theft and highly discreet extortion keeps on blurring, suggesting that the next huge war front for cybersecurity is not in the boardrooms but on computer screens.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity sections to stay informed and up-to-date with our daily articles.