Malware Attempts to Steal Credentials and Record Video of Victim

ESET researchers identified a malware variant, dubbed “Varenyky,” targeting users in France via spam emails. These emails contain a Word document attachment claiming to be a bill. Once opened, the document states that it is protected and requires human verification, a ruse to convince the user to enable macros. If macros are enabled, the malware determines the location of the targeted system. If the system is determined to be in France, the malware is downloaded and executed. The malware can then steal the victim’s passwords and record the user via the system's camera. The malware uses an FFmpeg executable to initiate video recording when it detects the word “sexe,” indicating the user may be visiting an adult content website. The video recordings could be used in extortion attempts. “Sextortion” emails have circulated since the summer of 2018 and claim to possess similar recordings. In those cases, however, there was no credible threat, as no recordings actually existed. While the threat actors are currently focused on users in France, the malware could be used to target users in the United States. The NJCCIC recommends users review the ESET article, avoid opening email attachments from unknown senders, and refrain from enabling macros on documents received in email attachments.
