Report Reveals Open-Source Malware Captures Images Of Victims Watching Porn

A recent report published by researchers at Proofpoint revealed that malicious actors have been using open-source malware labeled for “educational purposes” across multiple platforms to conduct cyberattacks. The experts discovered that this year, attackers employed automated infostealers in various campaigns, including capturing images of users while they watch pornography, for use in sextortion.

In a rush? Here are the quick facts:

  • Report reveals malicious actors have been using open-source malware available for “educational purposes” for cyberattacks.
  • Stealerium and similar tools have been recently used for malicious campaigns.
  • Some malware variants activate webcams and take screenshots when users view pornography, for use in sextortion.

According to the report published by Proofpoint on Wednesday, the open-source malware studied (Stealerium and similar variants) has long been publicly available on platforms such as GitHub “for educational purposes only.” However, the researchers noticed recent malicious activity related to the infostealer.

“While open-source malware can be helpful for detection engineers and threat hunters to understand the patterns of behavior for which they can develop threat detection signatures, it also provides a different kind of education to malicious actors,” explained the researchers in the analysis. “These actors may adopt, modify, and possibly improve the open-source code, resulting in a proliferation of variants of the malware that are not so easy to detect or defend against.”

The researchers discovered multiple attacks targeting hundreds of organizations across the globe attributed to the threat actors TA2715 and TA2536, and linked to Stealerium. The campaigns used phishing emails with malicious attachments, impersonated organizations across various sectors, demanded payments, and applied social engineering tactics designed to instill fear and urgency.

In one case, malware installed on a victim’s device stole a wide range of data and included a pornographic-content detection feature. When adult content was recognized in a browser URL, it triggered screenshots and webcam captures.

“It’s able to detect adult content-related open browser tabs and takes a desktop screenshot as well as a webcam image capture,” wrote the researchers. “This is likely later used for ‘sextortion.’ While this feature is not novel among cybercrime malware, it is not often observed.”

Proofpoint warned of the risks posed by open-source malware and the likelihood of a new wave of cyberattacks, urging organizations to strengthen their defenses.

In recent weeks, multiple sextortion campaigns have been reported. In May, multiple outlets reported that the “Hello Pervert” campaign had been targeting many email users, and experts have also raised concerns about the use of AI for sextortion schemes on dating apps.
