There’s a new kind of malware floating around the internet, and it’s the stuff of Black Mirror nightmares. Security researchers have flagged a creepy cyberthreat called Stealerium, malware that literally watches you while you watch porn – then snaps a webcam photo of you in the act. Its endgame? Blackmail and sextortion.
Let’s back up. For years, you may have seen those scammy emails claiming someone hacked your webcam while you were “busy” and demanding cash or crypto to keep the footage private. Most of the time, those emails were just fishing for suckers. But Stealerium flips the script by actually doing the thing.
This isn’t just digital voyeurism – it’s full-on cyberstalking. Stealerium gets on your computer the classic way: phishing emails. These emails disguise themselves as messages from banks, charities, or even streaming services, tricking you into clicking links or opening attachments. Classic scare tactics like “Payment Due” or “Court Summons” are common bait.
Once inside your system, Stealerium acts like a spy with zero chill. It scans your computer for juicy stuff like saved passwords, credit card numbers, cryptocurrency wallets, and chat histories. Then it keeps an eye on what you’re typing and looking at, waiting for… certain keywords. Type “porn” or “sex” into your browser, and that’s its cue. It takes a screenshot of your screen and snaps a photo of you using your webcam. Those files get sent to criminals, who use them as leverage for blackmail.
Worse still, the malware’s code has been floating around GitHub for years – supposedly for “educational purposes” – but recently it’s been popping up in more actual attacks.
Unlike most ransomware, which targets companies and locks up files until a payout, Stealerium is laser-focused on regular people. It relies on shame, not encryption. And because many victims are too embarrassed to report it, the attackers stay under the radar. They only need a small payment from each person, but they can hit thousands at once.
And yes, everyone is at risk. This type of phishing campaign is fast, automated, and cheap to launch at scale.
In the meantime, maybe think twice before clicking into incognito mode. Stealerium doesn’t care what browser you’re using – just what you’re doing.