Delilah malware secretly taps webcam, blackmails and recruits insider threat victims

Delilah malware taps computer and webcam to get dirty little secrets, then blackmails victims into becoming an insider threat and coughing up a company’s secrets.

If your monitor has been freezing, hopefully it’s just a weird glitch; but if it started after you visited popular adult or gaming sites, and you have a webcam, then hopefully you are not a victim of Delilah, the “first insider threat Trojan.” If you are, then cyber thugs are using Delilah to seek your secret weakness to blackmail you.

Really, don’t sweat it, as there is no reason to go into full paranoid mode, at least not yet, since Delilah is not on “common” black markets; for right now, Delilah is only being shared among “closed” criminal hacker groups to recruit targeted insiders.

Once Delilah has infected a machine, having been downloaded via gaming or adult sites, it hides and lurks until it knows your dirty little secrets. The malware, which was discovered by threat intelligence firm Diskin Advanced Technologies (DAT), starts gathering personal information, including facts about family and workplace, as soon as it is installed; when it finds dirt, cyber thugs will use it to manipulate or extort the victim into coughing up a company's secrets.

Gartner analyst Avivah Litan added, “The bot comes with a social engineering plug-in that connects to webcam operations so that the victim can be filmed without his or her knowledge.” Since Delilah is still a bit buggy, there can be “constant monitor freezing – sometimes over 10 seconds – because of the high volume of real-time screen shots.” It also sometimes causes error messages when turning on the webcam.

It’s far from an automated process as “these bots still require a high level of human involvement to identify and prioritize individuals who can be extorted into operating as insiders at desirable target organizations.”

Once a criminal has blackmailed an insider to cooperate, DAT reported that “instructions to victims usually involve usage of VPN services, TOR and comprehensive deletion of browser history (probably to remove audit trails).”

Although the malware is currently being distributed only among tightly guarded criminal circles, thugs who might want to use Delilah, but lack the skills, can “acquire managed social engineering and fraudster services to help them out.”

While the “first insider threat Trojan” may not yet be a completely honed, finished product available to any cyber crook with the funds, Litan warned, “With Trojans like Delilah, organizations should expect insider recruitment to escalate further and more rapidly. This will only add to the volume of insider threats caused by disgruntled employees selling their services on the Dark Web in order to harm their employers.”

More VPN and TOR connection endpoint data needs to be collected and analyzed to fight Delilah and her similar cousin bots. IT security teams were advised to block adult and other risky sites in order to avoid endpoint infections in the workplace.
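
As an added illustration of that advice (not code from DAT, Gartner or the article), the sketch below correlates the behaviors DAT says coerced insiders are instructed to use: VPN or TOR connections and browser-history deletion on the same endpoint within a short window. The log format, column names, event labels and host names are all hypothetical, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry, not real data. Hypothetical columns:
# time,host,event,detail. For "net" rows, detail is a destination category
# that an assumed enrichment step has already assigned (tor / vpn / web).
SAMPLE = """\
2016-07-18T09:02:11,ws-014,net,web
2016-07-18T09:40:00,ws-014,net,vpn
2016-07-18T10:05:30,ws-014,history_clear,chrome
2016-07-18T11:15:00,ws-022,net,tor
2016-07-19T08:00:00,ws-031,history_clear,firefox
2016-07-19T13:20:00,ws-040,net,tor
2016-07-19T13:55:00,ws-040,net,vpn
2016-07-19T14:10:00,ws-040,history_clear,chrome
2016-07-25T09:00:00,ws-022,history_clear,chrome
"""

ANONYMIZERS = {"tor", "vpn"}


def correlate(log_text, window=timedelta(hours=4)):
    """Map host -> anonymizer kinds seen within `window` of a history wipe."""
    anon = defaultdict(list)    # host -> [(time, kind)]
    wipes = defaultdict(list)   # host -> [time]
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, host, event, detail = row
        when = datetime.fromisoformat(ts)
        if event == "net" and detail in ANONYMIZERS:
            anon[host].append((when, detail))
        elif event == "history_clear":
            wipes[host].append(when)
    hits = {}
    for host, wipe_times in wipes.items():
        kinds = {kind for seen_at, kind in anon[host]
                 for wiped_at in wipe_times
                 if abs(wiped_at - seen_at) <= window}
        if kinds:
            hits[host] = sorted(kinds)
    return hits


if __name__ == "__main__":
    for host, kinds in sorted(correlate(SAMPLE).items()):
        print(f"{host}: browser history wiped near {'/'.join(kinds)} use")
```

Either signal alone is common and benign, which is why the sketch reports only hosts where they coincide; a match is a prompt for review, not evidence of coercion.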
