Threat intelligence experts from Diskin Advanced Technologies have discovered a new trojan that is exchanged in closed criminal groups and is currently being used to infect workers at different companies and blackmail them into providing information on their employer.
Named Delilah, this custom piece of malware is a backdoor trojan that infects workers who visit online adult and gaming sites. Once on the user's device, the trojan starts collecting information on its target.
The crooks amass vast amounts of data in an effort to gather as much information as possible on the victim's family and workplace environment. The trojan also taps into the user's webcam feed and takes screenshots at regular intervals. Delilah is still buggy at the moment: victims often experience screen freezes as the trojan takes the screenshots, or see popup error messages. Once the data collection phase finishes, the crooks go through the gathered information, select the raunchy bits, and use them to blackmail the employee, recruiting them to carry out malicious actions.
Diskin says Delilah is exchanged between a closed group of criminals on the Dark Web. Criminals who lack the social engineering skills to convince infected victims to join the "Dark Side" can rent the services from other crooks who possess the needed expertise. Employees recruited as insiders are told to steal company data and exchange the information via VPN connections or Tor sites.
Last month, Avivah Litan, Vice President and Distinguished Analyst at Gartner Research, revealed a growing trend of companies complaining about employees going to the Dark Web using a fake persona and leaking company data on purpose. Delilah is the exact opposite of those incidents: here the employees are coerced by crooks into doing the same, under the threat of having personal data and compromising images leaked online or to their colleagues.