Beware of your webcam.
Wired reports: “A new specimen of ‘infostealer’ malware offers a disturbing feature: It monitors a target’s browser for NSFW [not safe for work] content, then takes simultaneous screenshots and webcam photos of the victim” (“Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn,” September 3, 2025).
On Wednesday, researchers at security firm Proofpoint published their analysis of an open-source variant of “infostealer” malware known as Stealerium that the company has seen used in multiple cybercriminal campaigns since May of this year. The malware, like all infostealers, is designed to infect a target’s computer and automatically send a hacker a wide variety of stolen sensitive data, including banking information, usernames and passwords, and keys to victims’ crypto wallets. Stealerium, however, adds another, more humiliating form of espionage: It also monitors the victim’s browser for web addresses that include certain NSFW keywords, screenshots browser tabs that include those words, photographs the victim via their webcam while they’re watching those porn pages, and sends all the images to a hacker—who can then blackmail the victim with the threat of releasing them.
What do malware, theft of sensitive data, and humiliating and blackmailing people have to do with the Chinese Communist Party?
Well, the CCP has been in the news for its rampant and massive years-long infiltration of telecommunication networks and other systems in the United States and more than 80 countries around the world.
Maybe a Stealerium-style grabbing of compromising screenshots was not a part of the all-invading Salt Typhoon hack attack and will only be a part of China’s next cyber attack. Even so, thanks to Salt Typhoon and other cyber assaults, the Chinese government has been accumulating and sorting through a massive amount of private institutional and personal data at least some of which may provide means of blackmailing persons in a position to help the CCP harm the United States.
“ ‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every American,” reports The New York Times in an update about how godawful the Salt Typhoon attack has been (September 4, 2025).
Information collected during the yearslong Salt Typhoon attack could allow Beijing’s intelligence services to track targets from the United States and dozens of other countries….
British and American officials have described the attack as “unrestrained” and “indiscriminate.”…
“I can’t imagine any American was spared given the breadth of the campaign,” said Cynthia Kaiser, a former top official in the F.B.I.’s cyber division, who oversaw investigations into the hacking.
The Telegraph noted that “of particular concern was the ability of the hackers to burrow into the systems used for ‘lawful access’—the metaphorical backdoors telecom networks are required to set up to allow law enforcement implement wiretaps.” Yes. That the U.S. government forced telecom companies to roll out the red carpet for Red Chinese cyberhackers is a concern.
Is anybody being blackmailed at this very moment by the CCP as a result of data gathered by Salt Typhoon? Blackmail victims don’t always report that they’re being blackmailed.
