Sextortion-based hacking, one of the most unsettling forms of cybercrime, has taken a chilling turn in recent months. What was once a hands-on, manual process—where hackers would hijack webcams or blackmail victims with explicit images they had been tricked or coerced into sharing—has now been automated through advanced spyware, raising the stakes for personal privacy and security in the digital age.
On September 3 and 4, 2025, security researchers at Proofpoint sounded the alarm on a new variant of infostealer malware called Stealerium. According to reports published by Proofpoint and covered by multiple outlets, Stealerium has been linked to a series of cybercriminal campaigns since May 2025. Unlike traditional infostealers, which are already notorious for siphoning off sensitive information like bank details, usernames, passwords, and keys to cryptocurrency wallets, Stealerium introduces an even more invasive twist: automated sextortion.
So how does it work? Stealerium is programmed to monitor a victim’s computer for web addresses associated with explicit content. When it detects that a user is visiting pornography sites, the malware springs into action, capturing screenshots of the browser and simultaneously taking candid photos through the victim’s webcam. These images are then sent to hackers, who can threaten to release them unless the victim complies with their demands. As Selena Larson, a Proofpoint researcher, put it, “It’s gross. I hate it.”
The malware’s capabilities were first uncovered after Proofpoint discovered Stealerium in tens of thousands of emails sent by two small-scale hacking groups. These emails, which often masqueraded as fake invoices or payment notifications, were designed to trick recipients—ranging from employees in the hospitality, education, and finance sectors to private individuals—into downloading and installing the malicious software. Once installed, Stealerium quietly gathers a wide array of data and transmits it to hackers via common messaging platforms like Telegram and Discord or through standard email protocols.
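Because the stolen data leaves over Telegram, Discord or email, one practical check is to look for programs other than browsers, chat clients or mail clients talking to those services. The following is an added example, not code from Proofpoint or from the original article, and it runs that check over endpoint connection records. The log layout, workstation names, file paths and the allowlist are constructed assumptions; `api.telegram.org` and `discord.com` are the services' real API hostnames.

```python
import csv
import io
from pathlib import PureWindowsPath

# Channels named in the article: Telegram, Discord, standard email protocols.
CHAT_HOSTS = {"api.telegram.org", "discord.com", "discordapp.com"}
SMTP_PORTS = {25, 465, 587}

# Assumption: programs expected to use each channel in this environment.
EXPECTED = {
    "chat": {"chrome.exe", "msedge.exe", "firefox.exe", "discord.exe"},
    "smtp": {"outlook.exe", "thunderbird.exe"},
}

# Constructed sample telemetry: time,host,image,dest_host,dest_port
SAMPLE = r"""
2025-09-03T10:01:12Z,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,discord.com,443
2025-09-03T10:02:40Z,WS-014,C:\Users\jdoe\AppData\Local\Temp\invoice_viewer.exe,api.telegram.org,443
2025-09-03T10:02:41Z,WS-014,C:\Users\jdoe\AppData\Local\Temp\invoice_viewer.exe,smtp.example.com,587
2025-09-03T10:05:03Z,WS-022,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,smtp.example.com,587
2025-09-03T10:06:19Z,WS-022,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,discord.com,443
2025-09-03T10:07:00Z,WS-022,C:\Program Files\Mozilla Firefox\firefox.exe,example.org,443
""".strip()

FIELDS = ["time", "host", "image", "dest_host", "dest_port"]

def classify(dest_host, dest_port):
    """Return the exfiltration channel a destination belongs to, or None."""
    host = dest_host.lower().rstrip(".")
    if host in CHAT_HOSTS or host.endswith(".discord.com"):
        return "chat"
    if dest_port in SMTP_PORTS:
        return "smtp"
    return None

def suspicious_connections(log_text):
    """List (host, exe, channel, dest) where an unexpected program used a channel."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        channel = classify(row["dest_host"], int(row["dest_port"]))
        if channel is None:
            continue
        exe = PureWindowsPath(row["image"]).name.lower()
        if exe not in EXPECTED[channel]:
            findings.append((row["host"], exe, channel, row["dest_host"]))
    return findings
```

Matching on the executable name alone is easy to evade by renaming a file, so in practice pair it with the install path or code-signing status of the process.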
But perhaps the most disturbing aspect of Stealerium is its accessibility. The malware is freely available on GitHub, distributed as an open-source tool by a developer known as “witchfindertr.” On the project’s page, the developer claims the software is intended for “educational purposes only,” stating, “How you use this program is your responsibility. I will not be held accountable for any illegal activities. Nor do I give a shit how u use it.” This dismissive attitude toward accountability has raised significant ethical concerns, as it effectively places a powerful tool for blackmail and privacy invasion into the hands of anyone with an internet connection.
Proofpoint’s analysis reveals that the sextortion feature of Stealerium is triggered by a customizable list of pornography-related keywords—terms like “sex” and “porn”—which hackers can alter to suit their targets. When these keywords are detected in a browser’s URL, the malware captures images from both the browser and the webcam at the same time. While Proofpoint has not yet identified specific victims of the sextortion function, the mere existence of such a feature suggests a substantial risk. As the researchers noted, the shift from manual to automated sextortion is a significant escalation in the threat landscape.
Kyle Cucci, another Proofpoint researcher, highlighted just how rare this kind of automated webcam capture is. He pointed to only one similar case, a 2019 malware campaign discovered by the cybersecurity firm ESET that targeted French-speaking users. “Actual, automated webcam pics of users browsing porn is pretty much unheard of,” Cucci said, underscoring the novelty and danger of Stealerium’s approach.
The broader context is equally troubling. According to Proofpoint, the move toward automated sextortion may reflect a larger trend among cybercriminals—especially lower-tier groups—who are shifting away from high-profile ransomware attacks and botnets. These larger operations tend to attract significant attention from law enforcement, making them riskier for criminals. Instead, these hackers are opting to target individuals, aiming to monetize their activities “one at a time,” as Larson put it. Victims of sextortion, especially those who might feel ashamed or embarrassed, are often less likely to report the crime, making them particularly vulnerable to this new wave of attacks.
The mechanics of Stealerium’s spread are as old as email scams themselves. Cybercriminals rely on social engineering tactics, sending out waves of emails with malicious attachments or links that appear to be legitimate business communications. Once a victim is tricked into installing the malware, Stealerium gets to work, harvesting everything from financial credentials to personal photos. The sextortion feature, however, adds a deeply personal and humiliating threat to the mix—one that can have devastating psychological effects on victims.
Despite the severity of the threat, Proofpoint has not yet confirmed any specific cases where Stealerium’s sextortion feature was used to successfully blackmail a victim. Nevertheless, the researchers warn that the presence of such functionality in the wild is cause for serious concern. The automated nature and ease of access to Stealerium amplify the dangers, potentially enabling even inexperienced hackers to carry out sophisticated extortion schemes.
The ethical implications of open-source malware like Stealerium are profound. By making such tools freely available, developers like “witchfindertr” effectively abdicate responsibility, leaving the door wide open for abuse. While the stated intent may be educational, the reality is that these programs are being weaponized by cybercriminals to invade privacy and exploit vulnerable individuals.
This development is a stark reminder of the evolving nature of cyber threats. The days when only large corporations or government agencies had to worry about targeted attacks are long gone. Now, ordinary individuals—often those least equipped to defend themselves—are finding themselves in the crosshairs of increasingly sophisticated and automated cybercrime operations.
For those concerned about falling victim to such attacks, experts recommend a combination of technical defenses and personal vigilance. Keeping software up to date, using strong passwords, and being wary of unsolicited emails are all essential steps. But as Stealerium demonstrates, the threat landscape is constantly shifting, and even the most cautious users can be at risk.
As the world becomes more digitally interconnected, the need for robust cybersecurity measures and ethical responsibility in software development has never been greater. The rise of automated sextortion tools like Stealerium serves as a sobering example of how technology can be twisted to serve malicious ends, and a call to action for individuals, companies, and policymakers alike to stay vigilant and proactive in the fight against cybercrime.