A new form of infostealer malware named Stealerium has shocked cybersecurity experts by automatically snapping webcam photos when users watch porn online.
Unlike traditional malware that passively steals passwords and banking info, Stealerium actively monitors browser activity for adult content and simultaneously takes screenshots and candid webcam shots of victims.
This invasive spyware can be used by hackers for sextortion, leveraging these explicit images to blackmail victims.
Security researchers at Proofpoint reveal that the malware has been circulating in cybercriminal campaigns since May 2025 and is even openly available on GitHub.
How Stealerium Targets Adult Content Viewers
Stealerium functions by scanning the infected device’s browser for URLs containing keywords related to adult content, such as “porn” and “sex.”
Once detected, the malware captures screenshots of the offending browser tabs while instantly snapping images of the user via their webcam.
These photographs and screenshots are then sent to hackers through messaging platforms, including Telegram and Discord, or by email protocols.
This process is automated, removing the need for manual intervention and making sextortion attacks easier for cybercriminals to execute.
The Malware’s Wide-Ranging Impact and Delivery
Although infostealers often focus on stealing financial data and crypto wallet keys, Stealerium adds an embarrassing surveillance layer targeting privacy and personal dignity.
The malware typically arrives as a phishing email disguised as messages from banks, courts, or document services, urging victims to click on malicious links or attachments.
Once installed, it silently harvests data and covertly photographs victims as they browse adult content. Researchers have found that Stealerium is used primarily by smaller cybercrime groups looking to exploit individuals via blackmail, avoiding the higher risk of ransomware attacks aimed at businesses.
Experts warn that while no confirmed sextortion cases using Stealerium have been publicly documented yet, its capabilities signal a worrying evolution in cybercrime.
Watching porn online could thus expose users not only to usual privacy risks but also to the real threat of digital blackmail with concrete photographic evidence snapped in real-time.
This malware marks a rare automated use of webcam surveillance tied specifically to browsing habits, making privacy safeguards more vital than ever.