The malware popularly called “Varenyky”, a name given by its founder, watches the activity of an infected computer until a pornographic website is visited and then starts recording the screen. The video is later used for blackmail and extortion.
Varenyky was first discovered in May in France, according to ESET reports. It is designed to target French computer users.
The infection starts with fake emails carrying malicious code in attachments that pose as invoices in the form of Microsoft Word documents. The macro in the document checks that the user is French. If the targeted computer ticks its boxes, Varenyky determines which elements have to be downloaded to the target computer, and then executes macros that install further software that can steal passwords and spy on the target system.
The moment the target computer visits a website matching trigger keywords such as “YouPorn”, “Pornhub” or “Brazzers”, Varenyky starts recording the computer screen using an FFmpeg executable. The video is then uploaded to the C&C server.
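The FFmpeg screen-recording step described above can be hunted for in process-creation logs. The following is an added example, not code from the ESET report or from the malware: it assumes Sysmon-style `Image`/`CommandLine` fields and that capture uses FFmpeg's Windows `gdigrab` input device (the article does not say which), and all events and paths are constructed.

```python
import ntpath

# Assumptions (not stated in the article): capture uses FFmpeg's Windows
# "gdigrab" input device, and events carry Sysmon-style Image/CommandLine.
CAPTURE_DEVICES = {"gdigrab"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

def capture_device(command_line):
    """Return the screen-capture device passed to -f, or None."""
    args = command_line.lower().split()
    for flag, value in zip(args, args[1:]):
        if flag == "-f" and value in CAPTURE_DEVICES:
            return value
    return None

def reasons_for(event):
    """Explain why a process-creation event looks like covert recording."""
    image = event["Image"]
    if capture_device(event["CommandLine"]) is None:
        return []  # plain transcoding or an unrelated process
    reasons = []
    if any(part in image.lower() for part in USER_WRITABLE):
        reasons.append("capture binary runs from a user-writable path")
    if ntpath.basename(image).lower() != "ffmpeg.exe":
        reasons.append("FFmpeg capture arguments under a different binary name")
    return reasons

def find_suspicious(events):
    """Return (pid, reasons) for every event with at least one reason."""
    hits = [(e["ProcessId"], reasons_for(e)) for e in events]
    return [(pid, why) for pid, why in hits if why]

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "Image": r"C:\Users\jean\AppData\Roaming\svc\ffmpeg.exe",
     "CommandLine": "ffmpeg.exe -f gdigrab -framerate 5 -i desktop out.mp4"},
    {"ProcessId": 4200, "Image": r"C:\Program Files\ffmpeg\bin\ffmpeg.exe",
     "CommandLine": "ffmpeg.exe -f gdigrab -i desktop demo.mkv"},
    {"ProcessId": 4300, "Image": r"C:\Users\jean\AppData\Local\Temp\ffmpeg.exe",
     "CommandLine": "ffmpeg.exe -i in.avi out.mp4"},
    {"ProcessId": 4400, "Image": r"C:\ProgramData\upd\winhelper.exe",
     "CommandLine": "winhelper.exe -f gdigrab -i desktop cap.mp4"},
]

if __name__ == "__main__":
    for pid, why in find_suspicious(SAMPLE_EVENTS):
        print(pid, "; ".join(why))
```

A user deliberately recording their screen with an installed FFmpeg (event 4200) is not flagged; pairing these hits with outbound connections from the same process would tighten the signal.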
The risks involve blackmail and sextortion. Current reports suggest that the malware is relatively generic and is meant to target French computer users, but in the future it could potentially be used to attack other individuals as well.