
New malware records users visiting adult websites

It’s no secret that there are eyes all over the web keeping tabs on your every move — and it’s not all spyware and ad trackers doing it, either. In fact, some of the biggest names in tech routinely monitor your activity in order to learn about you, recommend content, and sell products and services to you.

But some activities are best left unmonitored. Our most intimate activities are the kind of material that unscrupulous marketers and cybercriminals are dying to get a hold of — and when they do, the end result is usually blackmail or worse.

Sextortion is a known problem that has only grown more difficult to contain. Now, a new breed of trojan is taking bolder steps to secure its blackmail material. When it infects a computer, this malware secretly records your screen — and any compromising material that might be on display. We’ll tell you how you can steer clear of this freaky piece of software.

Malware watches you watch adult videos

According to a new report from ZDNet, antivirus developer ESET has discovered a powerful new malware strain that spreads itself via spam and phishing emails. Its most notable feature, however, is installing a secret screen-recording function that lies in wait until the victim visits an adult website.

The malware, dubbed “Varenyky,” was first discovered in France earlier this summer. So far, it has only targeted French netizens — specifically subscribers of Orange S.A., a French internet provider.

The malware even goes so far as checking to make sure the computer and its user are French. But this isn’t likely to last, as the malware has been documented by researchers to be changing rapidly. Should it change again, it could easily spread to American email addresses and begin infecting computers right here in the U.S.

Varenyky propagates itself using thousands of spam emails per hour. Usually, these messages are part of a typical “click this link to win an iPhone” type of scam, but some of the messages contain content normally found in sextortion emails.

What makes Varenyky dangerous?

Unlike many of its brethren, Varenyky isn’t playing around when it comes to recording users. Although many of the malware’s current sextortion threats are just bluster, Varenyky actually installs sophisticated spyware on its victims’ computers that pays close attention to browser activity.

When it detects a known adult phrase or website being typed into a search bar, it automatically fires up its screen-recording tools in the background — capturing any activity and sending it back to an unknown source on the Tor network.

Varenyky doesn’t just stop there, either. The malware also captures usernames and passwords that are saved in the victim’s browser — which are then paired with any recordings or activity data. This allows the cybercriminals behind Varenyky to put a “name to a face,” so to speak, and add some additional bite to their sextortion threats.

As if screen recording and data harvesting weren’t scary enough, researchers are stressing that these capabilities are actually new to the malware. Since ESET started monitoring the threat, they’ve noticed frequent changes to the malware’s code as features are added and dropped. This means that we may only be seeing the beginning of what Varenyky is fully capable of.

How can I protect my computer from Varenyky?

The malware, in its current form, has stuck to targeting French internet users — and specifically customers of one French ISP. But that’s not to say that things will remain this way. As mentioned above, the malware is rapidly changing. It may not be long at all before it makes the inevitable jump across the pond.

That said, since the malware propagates itself via spam, the best defense is to avoid opening strange emails like the plague. Odds are, if a message is offering a “free” iPhone, iPad, or laptop, it’s probably not real. The same can be said for “sextortion” emails that arrive out of the blue. Your best hope to avoid being infected, naturally, is to avoid the primary vector of infection.

It’s also worth mentioning that visiting adult websites can be a security risk on its own. Many of these websites contain a plethora of trackers and malicious cookies that can stick around long after you leave.

As we’ve said numerous times before, if a service is free, you’re typically the product being sold. And if an adult website is free to visit, that raises the question: “Who would be interested in buying the data it has on you?”

We’ll be keeping an eye on Varenyky — as well as any developments surrounding its spread. This story will be updated as new information arises, but in the meantime, one of the best things you can do to protect your system from compromise is back up your vital data to a secure location for safekeeping.
