A newly-detected piece of malware dubbed "Delilah" has been fingered as probably the first such code created with the intention of extorting victims into stealing insider data.
The "Delilah" malware was found on exclusive crime forums by Israeli intelligence outfit Diskin Advanced Technologies, who say the trojan relies on a combination of social engineering, extortion and ransomware.
Deliah is distributed in tight circles only and kept off open crimeware forums .
Gartner fraud analyst Avivah Litan received information on the trojan and says it targets employees at their homes and offices.
"Once installed the hidden bot gathers enough personal information from the victim so that the individual can later be manipulated or extorted," Litan writes.
"This includes information on the victim’s family and workplace.
"This will only add to the volume of insider threats caused by disgruntled employees selling their services on the Dark Web in order to harm their employers."
"The bot comes with a social engineering plug-in that connects to webcam operations so that the victim can be filmed without his or her knowledge."
Diskin is staffed by former founders of Israel's ShinBet intelligence agency. The company says criminals need to apply intense social engineering skills when using the malware in order to parse those targets who could be extorted or convinced into committing insider theft.
Delilah is being loaded onto victim machines from gaming and adult sites and is reportedly still buggy, chewing conspicuous quantities of resources on some victims' machines and invoking approval messages when activating webcams.
Criminals have many other avenues to socially engineer victims. Traditional remote access trojans have the capability to activate webcams, monitor keystrokes, and download web browser histories.
That could be combined with social engineering skills, either learnt or bought through online services, to find sufficient information on a target to extort them into stealing corporate data. ®