Delilah trojan seeks company weaknesses through insiders
Trojan targets insiders via social engineering, extortion, and ransomware
Researchers spotted a trojan, dubbed Delilah, designed to target potential insiders via social engineering, extortion, and ransomware tactics.
The trojan infects users via downloads from popular adult and gaming sites and once installed, the bot gathers personal information from the victim, including data on their family and workplace, so that the victim can later be manipulated or extorted, according to a Gatrner blog citing Diskin Advanced Technologies (DAT).
The bot also comes with a social engineering plug that connects to webcam operations so the attacker can secretly film the victim, the blog said.
Researchers said Delilah is currently buggy and requires a high level of human involvement to identify and prioritize targets who can be extorted into operating as insiders at desirable target organizations.
The trojan is only shared among closed hacker groups and is not yet available on the common black market.