Increase In Cyber Attacks On Indian Mobile Users Via Pornographic Content

By Debdutta Ghosh

It was sometime during the nationwide lockdown in India to prevent the spread of the novel coronavirus pandemic that an individual in Maharashtra received the following email, according to a cyber police official of the state. 

“I am aware that ****** is your password. I have placed a malware on adult video website and there is more. You visited this website to experience fun (you know what I mean). While you were watching video clips, your browser started out working as a RDP (remote control desktop) having a keylogger which gave me accessibility to your display screen and web cam, and made a double-screen video. First part displays the video you were watching (you’ve got a nice taste lmao), and next part displays the recording of your cam. What should you do? Well, in my opinion, $2900 is a reasonable price for our little secret. You will make the payment through Bitcoin (if you don’t know this, search ‘how to buy bitcoin’ in Google).”

This was not an isolated incident in the Western state of India as revealed by the cyber crime unit of the state. In fact reports have now emerged that a large number of people have been subjected to online extortion threats from hackers such as this one. The hackers reportedly claimed that they had complete access to the personal data of the targets and demand money, in many cases in bitcoins in exchange of not making public the details of websites that had been accessed by the target in recent times. Almost all such websites reportedly access by such targets were pornographic ones, police officials said.

The police expect that while only about 50 written complaints of this nature had been received by them, there were potentially thousands of such targets suspected to have received such mails till now. Police noted that most of the targets were working professionals, businessmen and elderly persons who had accessed pornographic sites during the restricted movement period. The increased time spent by people at home and online – mostly through their mobiles, also prompted them to visit and stay at pornographic websites. This became a shortcoming that is being exploited by cyber hackers. 

“The fraudsters place some malware on porn websites. When someone accesses such a site, the fraudsters manage to breach the data of that person. The browser then starts working as a remote control desktop, using which they access the visitor’s display screen and get the contact numbers of his friends, his contacts on social media and e-mails,” said Balsing Rajput, Superintendent of Police, Maharashtra Cyber Unit. 

This however does not seem to be an isolated trend limited to India alone and targeted on such individuals at time even before the pandemic hit the world. 

According to the recent report by cyber security firm Kaspersky Labs titled “Naked online: cyber threats facing users of adult websites and applications”, visit by users to pornographic websites has been the cause trigger of 25.4% of all malware attacks in mobile phones.

The Kaspersky report said that on the overall, the number of mobile users attacked by pornographic content grew two-fold in 2019 with 42,973 users registering complaints of this nature compared to the 19,699 who were targeted in 2018.

Kaspersky said that this massive jump in malware attacks as well as success of this attack has brought out two facts. Detection of the actual number of cases becomes an issue because those whose mobile phones are infected by malware from porn websites are generally reluctant to report the issue. Secondly, a much larger number of people are now consuming porn on their mobile phones and this has increased the opportunities for hackers to exploit this ‘human’ vulnerability, said Roman Unuchek, a security expert at Kaspersky.

Therefore the cyber security firm has pointed out that adult content has turned out to be one of the most used methods by hackers to try and infect devices. And yet those attacked or affected try and keep these incident private because of the rather sensitive nature of the browsing experience.

While other forms of attack vectors such as through phishing and spamming are being rampantly used by hackers to inject malware, use of pornographic websites for launching ransom attacks has gained momentum in recent times – particularly during the stay-at-home period because of the pandemic. 

“As users are becoming more mobile, so are cybercriminals. We have seen that although PC malware distribution has been dropping, mobile malware is on the rise,” Dmitry Galov, security researcher at Kaspersky, said in a statement.

“While we have not witnessed many changes in the techniques used by cybercriminals, statistics show that this topic remains a steady source of threats and usrs need to be aware of that, taking steps to protect access to the valuable data they keep on their devices,” it added. 

The analysis of this tactic involving porn related content as used by hackers was explored by researchers at Kaspersky by checked all files disguised as porn videos or adult content related installation packages for Android. They ran 200 popular porn tags against this database. The researchers noted that the most prominent mobile threat both in variety and in the number of attacked users was still the use of advertisement software in which users or targets are redirected to unwanted advertising pages.

‘Sextortion scams’ or blackmailing is one of the most harmful types of sex-related spam, Kaspersky noted. The company noted a rise of such scams in 2018 with the trend continuing in 2019 s well. 

The firm also cited a sample of such a ‘sextortion scam’ mail that is typically sent to a target after his/her device is hacked which matches with the mail that was quoted in the first part of this report as revealed by Maharashtra’s cyber unit. 

Both the Indian law enforcement agencies and cyber security firms therefore reiterate on maintaining cyber hygiene by users such as avoiding visiting un-authentic websites and those that do not begin with ‘https’ and purchasing a subscription to an adult content website, if one has to, only from the official website. Not opening any email attachments except with a security solution – particularly those from dark web entities even if a user expects such mails from an anonymous source is also a precaution. Avoiding downloading of pirated software and other illegal content on a mobile phone or a PC and checking of application permissions on Android devices to see what the installed apps are allowed to do are the other cautions that users should take.

Subscribe Our You Tube Channel