Sextortion Schemes Using Mobile Malware in Asia: Trend Micro

Cybercriminals in Asia are taking advantage of smartphones and mobile malware to rake in significant profits through sextortion schemes, a report from Trend Micro has found.

In sextortion cases, a victim is lured into performing explicit acts that are secretly recorded and then blackmailed with the video. In a new report, researchers at Trend Micro detailed how these sextortion gangs are operating. In one case, police in Japan arrested two men suspected of being part of a gang that stole at least ¥3.5 million (US$29,204.88) from 22 victims between December 2013 and January 2014.

In a case in South Korea, cybercriminals posed as women, conversed with male victims on various chat applications such as Kakao Talk, and set them up for blackmail. They also convinced victims to download and install an Android data stealer and threatened to expose them. Each victim was asked to pay KRW 1 million (US$908.02) in exchange for the scammers not publicizing what they did.

The Android data stealer is used to retrieve and send victims’ contact lists to the cybercriminals with the goal of making the blackmail threats more effective, Trend Micro noted in the report.

“Our researchers have found that certain gangs in East Asia have improved on the sextortion modus operandi, creating a far more damaging effect on the victims,” blogged Ryan Flores, senior researcher at Trend Micro. “The new modus operandi involves Android malware that can steal the victims’ contact list and send them to the attackers. Attackers are then able to contact the victims’ families and friends directly—making for a more intimidating threat.”

According to Flores, Trend Micro’s investigation revealed four Android data stealer families being used in the schemes. Each variant contained “aggressive techniques” such as intercepting and logging the victims’ incoming text messages. They can also monitor changes in the infected device’s SMS inbox and block the victim from receiving new text messages unless they comply with the extortion demand. The malware can also prevent the victims from receiving calls. 
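A static triage check for the capabilities described above, added here as an illustration (it is not code from Trend Micro or from this article): it reads a decoded AndroidManifest.xml and flags the permission and receiver combinations such behaviours would need. The behaviour-to-permission mapping, the priority threshold and the sample manifest are assumptions; the report's own indicators are not reproduced on this page.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RX = "android.provider.Telephony.SMS_RECEIVED"
PHONE_STATE = "android.intent.action.PHONE_STATE"
HIGH_PRIORITY = 999  # assumed heuristic: receiver wants the SMS broadcast first

# Constructed sample: a decoded manifest (e.g. apktool output). The package
# and class names are placeholders, not values from the Trend Micro report.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".SmsHook"><intent-filter android:priority="2147483647">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver>
    <receiver android:name=".CallHook"><intent-filter>
      <action android:name="android.intent.action.PHONE_STATE"/>
    </intent-filter></receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return the sorted behaviours from the report that the manifest could support."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name", "").rsplit(".", 1)[-1]
             for p in root.iter("uses-permission")}
    actions = {}  # broadcast action -> highest priority any receiver declares
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            raw = flt.get(ANDROID + "priority", "0")
            prio = int(raw) if raw.lstrip("-").isdigit() else 0
            for act in flt.iter("action"):
                name = act.get(ANDROID + "name", "")
                actions[name] = max(prio, actions.get(name, prio))
    checks = [
        ("contact-list exfiltration", {"READ_CONTACTS", "INTERNET"} <= perms),
        ("incoming SMS interception", "RECEIVE_SMS" in perms and SMS_RX in actions),
        ("SMS suppression (priority receiver)",
         "RECEIVE_SMS" in perms and actions.get(SMS_RX, 0) >= HIGH_PRIORITY),
        ("SMS inbox monitoring", "READ_SMS" in perms),
        ("incoming call interference",
         "READ_PHONE_STATE" in perms and PHONE_STATE in actions),
    ]
    return sorted(label for label, hit in checks if hit)
```

Manifest entries show capability rather than behaviour, so a hit is a reason to inspect the app further, not a verdict; many legitimate messaging apps request some of the same permissions.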

“Our investigation revealed the use of four Android data stealer families for sextortion,” blogged Flores. “The malware were classified according to package name. Differences in code and functionality were seen from variant to variant, which suggests ongoing malware development.”

The investigation also led to developers in China who are in charge of creating malicious apps and sites in Chinese and Korean. While the report focuses on East Asia, sextortion cases have been spotted around the world in countries such as Canada and the U.S. as well.

“The sextortion schemes we uncovered are complex operations that involve people across cultures and nations working together to effectively run a very lucrative business,” Flores noted. “These once again prove that cybercriminals are not just becoming more technologically advanced—creating stealthier mobile data stealers, using complex stolen data drop zone infrastructures, and outsmarting banks to better evade detection—they are also improving their social engineering tactics, specifically targeting those who would be most vulnerable because of their culture.”

