Compared to previous spams, the email body contains just a small snippet of the sextortion – a claim that the sender hacked and had access to the recipients’ photos, videos, contacts, and camera recordings. To make it more believable, the attackers attached an archive which serves as “proof” to their claim.
The samples below are in Italian, we translated parts of them for clarity.
The PDF file “personalmente.pdf” contains the details of the sextortion. The text of the ruse suggests that through malware installed on the recipient’s computer, the hackers were able to gain access to data, and, that the recipient should pay bitcoins to the sender to not release the captured video.
The content at the download URL is no longer accessible as of this writing.
The wider news here is that sextortion is a big thing right now, with several groups behind different campaigns. This one takes it a step further and includes a malware that serves as a door for other malware to be installed in the computer. If you happen to get one in your inbox, ignore it, and chances of it being real are remote.
personalmente.pdf (137332 bytes)
prove_12.js (8011 bytes)