Sextortion scammers are hijacking blogs – and victims are paying up – Naked Security


Sextortion scammers have started hijacking poorly managed or defunct hosted blog sites to expand an increasingly profitable business. They have now started posting their messages – which dupe people into believing they’ve been filmed watching porn and demand a bitcoin ransom – to WordPress and Blogger sites.

The messages, which appear as blog posts from the administrators, take varying forms but all say the same basic thing: We’ve accessed your computer and filmed you in a compromising position using your webcam. Send bitcoin to our address or we’ll spill the goods.

Bleeping Computer searched for phrases common to many of the sextortion posts and came up with almost 1,500 results on Blogspot, which is the free domain service provider frequently used to host Blogger blogs. It also found around 200 hits on WordPress sites. Both of these are online blog hosting services, but we did not find any hits showing compromised self-hosted blogs.

The posts carry titles like “High danger. Your account was attacked” and “Security Notice. Someone have access to your system.” They begin with messages like:

As you may have noticed, I sent you an email from your account.

This means that I have full access to your device.

This is a different modus operandi than the email versions of these scams, which usually contain one of the victim’s passwords gleaned from a hacked password list. The attacker might have hijacked the account used to manage the hosted site by either compromising an administrator’s machine, or more likely using a simple credential-stuffing attack.