In a curious evolution of online attempts to scam people, the Varenyky malware being tracked by Slovakian anti-malware company ESET briefly included a screen-recording feature that scanned for particular pornography-related terms before recording what was on screen.
During a presentation at the company's HQ in Bratislava, ESET's Ondrej Kubovic described how the malware "was able to record what was going on on the screen. Not everything but when you opened the tab, specific keywords which were all explicit or sex-related."
Operating as part of what seemed to be a multi-stage extortion campaign, Varenyky steals passwords, spies on victims and receives command-and-control messages through Tor.
Once opened, the malicious attachment (which tends to be a Microsoft Office document) says it needs macros to be enabled; once the victim does that, the email payload downloads the real malware.
Once in place on the target device, the malware presents the threat text (saying the victim is in trouble with police, or has been filmed doing a private act, et cetera) along with a Bitcoin wallet address.