The next time you watch porn, cover your webcam

Cybercriminals are taking sextortion to the next level by employing automated malware to take webcam images of users watching pornography.
Sextortion is a prolific form of cybercrime that works as a type of online blackmail. Usually, people are coerced or tricked into sending nude images, which will later be used to extort them.
While this type of cybercrime is typically done manually and takes a lot of work from the criminal to execute, hackers are now automating sextortion, making it easier to blackmail their victims.
Research from the security firm Proofpoint, found by Wired, has uncovered a form of infostealer malware called Stealerium, which scans users' devices for not-safe-for-work (NSFW) content, such as pornography, and automatically takes a picture of the user through their webcam.
Stealerium is “able to detect adult content-related open browser tabs and takes a desktop screenshot as well as a webcam image capture,” Proofpoint researchers said in a report.
The infostealer malware has been used since early May 2025 and is designed to infiltrate the victim’s computer and automatically steal their data.
But this is different. While the use of infostealers to steal sensitive information isn’t uncommon, the action of detecting pornographic content and snapping an image of the person watching is novel.
Proofpoint said that this is most likely used for sextortion, as the malware searches for NSFW content, then takes a screenshot of the desktop and the webcam.
The malware flags terms like “porn” and “sex”, then snaps the images and exfiltrates the data.
These images, which can then be used to blackmail the victim, are sent to the hacker via Simple Mail Transfer Protocol (SMTP), Telegram, and Discord.
Think about the pornography you watch. Would you like that to be publicized?
That’s why it’s particularly humiliating: if you’re watching sensitive pornography that reveals specific fetishes, or if you watch “unconventional” content, it could then be used against you.
Sextortionists want your money, and they could successfully blackmail you if they obtain evidence that you’re watching porn that’s out of the ordinary.
What’s concerning is that Stealerium first emerged in 2022 and was public on GitHub, Proofpoint said, and the malware is still available for download for “educational purposes.”
The malware is usually delivered in an email presented as coming from charitable organizations, banks, courts, or document services.
The subject lines of these emails often include urgent messages or financial content such as payment due notices or court summonses.
This is typical of phishing emails that employ urgency in order to get their victims to click on the infected link.
Hackers will lure their victims into clicking a link to execute the malware, which then infects their device.
While Proofpoint has found no instances of bad actors using Stealerium for sextortion in the wild, the nature of the infostealer suggests that it could be used for this purpose in the future.