Attackers are using a new piece of malware to gather private moments of employees in order to manipulate them into leaking company secrets.
According to Gartner fraud analyst Avivah Litan, the malware, which is dubbed "Delilah", has earned the title of the world's first insider threat trojan since it allows its operators to capture sensitive and compromising footage of victims, which can then be used to extort the victim or convince them to carry out actions that would harm their employer.
Details of Delilah were shared with Litan by Israeli threat-intelligence security firm Diskin Advanced Technologies. The firm reported that the malware is being delivered via multiple popular adult and gaming sites. It's not clear from Litan's report whether the attackers are using social engineering or software vulnerabilities to install the malware.
"The bot comes with a social engineering plug in that connects to webcam operations so that the victim can be filmed without his or her knowledge," noted Litan.