Android malware
Hackers in Asia are using Android malware masquerading as apps to repair audio problems to steal data for sextortion and blackmail Reuters/iStock/IBTimesUK

Gangs of cybercriminals in South Korea and Japan are now using advanced Android apps that can steal private data and record conversations for sex extortion – or sextortion – and blackmail.

Rather than just luring victims into performing embarrassing sexual acts on webcam which can then be used to extort money from them, hackers have now evolved to using malicious mobile apps to steal personal data and intercept text messages and phone calls.

According to a new report by cybersecurity researchers from Trend Micro, cybercriminals routinely make fake profiles on social media networks posing as attractive women to lure victims, and then persuade them to move onto a platform where there is video capability.

On that platform – Skype, for example – the hacker persuades the victim to have cybersex and then secretly records an explicit video of the user. The video is then used to blackmail the victim into paying money, under threat that the video will be made public on a video sharing website like YouTube.

But now, while recording the explicit videos (which can now be done on any number of mobile chat messenger apps), the cybercriminals also pretend they are having audio problems during the conversation, and then persuade the victim to switch to an Android device and download a fake chat messenger app that the hacker prefers to use.

Using a data stealer Android app to scare victims

The chat app is actually a data stealer malware that steals all the contact information stored on the victim's mobile device and sends it to the hacker. This information can in turn be used to scare the victim even further, by threatening to show the video to the victim's family, friends and colleagues, if the victim doesn't pay up.

"Mobile sextortion is prominent in South Korea though a case was also seen in Japan," the researchers write in their report. "In-depth investigation on various sextortion scams led us to developers in China tasked to create malicious apps and sites using Chinese and Korean."

The researchers discovered no less than 26 different malicious apps that included the keywords "voice support" and "security authentication". There were also fake apps masquerading as private messaging apps, such as Just the Two of Us and Single Talk, as well as photo apps like My Photo Box 2.0 Beta and Gallery 2.0 Beta.

Hacker maintained three different bank accounts

In one of the cases being investigated in Japan, the researchers found that the hacker had three different bank accounts registered to one email address.

The cybercriminal would carry out a campaign of luring the victim and then blackmail for several weeks, receive a payment to his email address, and then begin again with someone else.

"The sextortion schemes we uncovered are complex operations that involve people across cultures and nations working together to effectively run a very lucrative business," the researchers concluded.

"These once again prove that cybercriminals are not just becoming more technologically advanced — creating stealthier mobile data stealers, using complex stolen data drop zone infrastructures, and outsmarting banks to better evade detection — they are also improving their social engineering tactics, specifically targeting those who would be most vulnerable because of their culture."