Vareniki Trojan blackmails visitors to porn sites
The spread of the virus began in May 2019 with phishing attacks on users’ emails. For example, promotions, smartphone giveaways, etc.
A feature of “Varenyky” is to record the user’s screen when he visits a pornographic site.
This is done using the FFmpeg library and a keyword dictionary. They include: “porn”, “brazzers”, “pornhub” and others
The Trojan code is regularly updated. In the latest sources, the processes of sending spam and processing commands from the server were parallelized.
Recently, victims of the virus began to receive ransom messages. Since the scammer recorded the user’s screen when he was watching porn.
The virus only attacks users with a French locale. But at any time it can be updated and spread to other regions.