‘I am a spyware software developer’ email scam tries to blackmail you
An email scam allegedly sends you an email from your own account and claims that you were hacked by a spyware software developer.
New sextortion email scams are popping up just about every week. The latest batch of these emails claims that a spyware software developer has hacked your account. The email appears to be sent to you from your own email address, shows you a past or current password for the email account, claims the sender has recorded you through your camera, and insists that you pay to have the pictures and videos deleted.
There are a few different versions of the ‘spyware software developer’ emails. One of the most popular ones has a subject that says “Hacking Alert! You account was hacked” and another one has a subject that says “You password must be need changed.” There are more than these two examples.
What these email messages have in common is that they state that a spyware software developer has hacked your account, show you your past or current password, claim to have taken images and videos of you looking at adult websites, and demand that you pay a ‘ransom’ or they will send the videos to people in your contacts or people that you know.
Although this might seem like a legitimate and frightening threat, do not be alarmed by it. It’s just another sextortion email scam that has been in circulation and the same exact messages have been sent to many people.
You will still receive the message even if you have never visited an adult website or your device does not have a camera. Many people in exactly that situation have received it.
Do not pay the scammer because they have not accessed your email account, they have not taken photos and videos of you, they do not have your data, and there is no real threat.
The email can be frightening because it shows the past or current password to your email account and the message appears to be sent to you from your own account; however, the email was not sent from your own account. A third-party email spoofing service was used, and this can be proven by the IP address used to send the email.
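The header check behind that claim, as an added example (not part of the original article): it reads the Received line stamped by your own mail provider to find the real sending IP, together with that provider's Authentication-Results verdicts. The headers are constructed, and `mx.example.com`, `analyze` and the `trusted_mx` parameter are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (example.com names, RFC 5737 documentation IPs).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
Received: from mailer.example.net (unknown [203.0.113.45])
 by mx.example.com with ESMTP; Mon, 01 Oct 2018 05:38:00 +0000
Received: from localhost (unknown [198.51.100.7])
 by mailer.example.net with SMTP; Mon, 01 Oct 2018 05:37:58 +0000
From: <you@example.com>
To: <you@example.com>
Subject: You password must be need changed

Dear user...
"""

def analyze(raw, trusted_mx="mx.example.com"):
    """Return the relay IP and authentication verdicts for one raw message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    # Only the Received line stamped by your own provider is trustworthy;
    # hops below it were written by the sender's side and can be forged.
    sending_ip = None
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())
        if f"by {trusted_mx} " in hop:
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
            sending_ip = m.group(1) if m else None
            break
    auth = " ".join(msg.get("Authentication-Results", "").split())
    if not auth.startswith(trusted_mx):  # ignore verdicts not stamped by our MX
        auth = ""
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    env_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    from_domain = from_addr.rpartition("@")[2]
    # Spoofing signature of this scam: From equals To, yet the message fails
    # DMARC or was submitted under a different envelope domain.
    spoofed = from_addr == to_addr and (
        verdicts.get("dmarc") != "pass" or env_domain != from_domain)
    return {"sending_ip": sending_ip, "auth": verdicts,
            "envelope_domain": env_domain, "likely_spoofed": spoofed}

if __name__ == "__main__":
    print(analyze(RAW))
```

To use it on a real message, save the raw source ("Show original" or "View source" in most mail clients) and pass the text with your provider's receiving host name as `trusted_mx`.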
The scammer obtained your password because your password was leaked online following a breach that occurred on websites like LinkedIn and Adobe. The scammer uses information leaked about you against you in an attempt to blackmail you. To see where your email information may have been leaked from, check out https://haveibeenpwned.com/.
Transcript of email message:
Subject: You password must be need changed (your password:)
From [your email address]
To [your password]
Date Today 05:38
Dear user of [email service]!
I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.
I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [your email address]: [your password] (on moment of hack).
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt… on you…
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
I know what you like hard funs (adult sites).
Oh, yes .. I’m know your secret life, which you are hiding from everyone.
Oh my God, what are your like… I saw THIS … Oh, you dirty naughty person … 🙂
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!
So, to the business!
I’m sure you don’t want to show these files and visiting history to all your contacts.
Transfer $825 to my Bitcoin cryptocurrency wallet: 1GXazHVQUdJEtpe62UFozFibPa8ToDoUn3
Just copy and paste the wallet number when transferring.
If you do not know how to do this – ask Google.
My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am ‘working’ with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.
I advise you to remain prudent and not engage in nonsense (all files on my server).
In conclusion, do not pay the scammer and do not reply to the fraudulent email message. The only thing you need to do is change the password to your email account and other accounts for good measure.
Please be advised that we have become aware that third-party scam websites are exploiting these email scams by claiming that your computer is infected with malware. In some cases, you can look up the BTC wallet on a search engine and find results that claim the wallet ID is a virus. These websites are attempting to persuade you to download malicious software that will put you in real danger. Avoid these websites if you come across them.
The email message does not mean that your computer is infected with malware; however, if you would like to scan your computer for malware and other potentially malicious files, we recommend using a reputable tool like Malwarebytes. Here are some instructions to scan and remove malware from your computer using Malwarebytes:
1. Download Malwarebytes Anti-Malware software to scan your computer and remove malicious files and potentially unwanted programs.
2. To install the program, click the file you just downloaded. It can usually be located in the Download folder.
3. A window that says “Welcome to the Malwarebytes Setup Wizard” will appear. Click Agree and Install to begin the installation. Once complete, click Finish.
4. Now that Malwarebytes is installed, open the program and click the Scan Now button, or go to the Scan tab and click the Start Scan button.
5. When the scan is complete, click the Quarantine Selected button.
6. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.