News

Source code revealed for malware that locks IoT male chastity devices

While ransomware operators are holding companies’ private data for multi-million dollar ransom amounts, this one’s got your private parts.

A piece of malware code spotted this week, dubbed ‘ChastityLock’ targets IoT male chastity locks and coerces the victims into paying the ransom amount or risk their tool being locked indefinitely.

Malware targets web API and mobile app

Last year, news reports emerged stating QIUI’s IoT-powered Cellmate chastity cages had serious security vulnerabilities.

A GitHub repository revealed this week contains the ChastityLock ransomware code that has instructions to take control of Cellmate IoT devices and communicate with the victim via the smartphone app to collect a ransom amount in Bitcoins.

Image: QIUI Cellmate Android app (Source: Google Play Store)

The finding came to light with a tweet from @vx-underground reading, “We’d like to uncomfortably announce we have received the source code to IoT Ransomware. that targets… Male Chastity devices…”

Security Report has observed the exposed piece of code contains instructions to communicate with QIUI’s API endpoints to enumerate user’s info, send messages to the victim’s app, add friends, request a ransom amount, and perform other tasks.

On connecting to an active session, the malware operator takes over the authority of the vulnerable IoT device and begins in-app interactions with the user. But the most striking bit of code appears on line 145.

This is where the malware operator demands a 0.02 BTC ransom amount (approx. $678 or £500 at the time of writing) via a threatening message sent to the Cellmate victim’s mobile app.

Until the ransom amount is paid to the threat actor and the transaction can be verified, the malware operator would retain the authority of the device.

Security Report also observed references in the code that hinted at the malware author enumerating a list of available QIUI devices they could probe into and takeover.

It is worth noting though, at the time of our testing, all of the API endpoints return the error message, “The specified key does not exist.”

However, the malware source code does reference terms like memberCode, binding, and friend requests which line up with what was in Pen Test Partners‘ original disclosure of security vulnerabilities in QIUI devices.

Whether this source code is functional or not remains debatable, but the next iteration of a copycat attack targeting your Cellmate device remains a possibility.

Pen Test Partners has provided a hardware workaround in the same blog post, should the malware manage to lock you in.

Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…

12 months ago

Rogue WordPress plugin: Threat hunters uncover credit card skimming campaign targeting e-commerce sites

Rogue WordPress Plugin Found to Steal Credit Card Information in Magecart Campaign Threat hunters have…

12 months ago

Albanian Parliament and telco ‘One Albania’ suffer cyber attacks

The Assembly of the Republic of Albania and telecom company One Albania have recently fallen…

12 months ago

Carbanak Banking Malware Resurfaces with Updated Tactics in Ransomware Attacks

The banking malware Carbanak has resurfaced with updated tactics, incorporating attack vendors and techniques to…

12 months ago

Theme park giant Parques Reunidos hit by a ransomware cyber attack

One of the world's largest theme park operators, Parques Reunidos has disclosed a cybersecurity incident.…

2 years ago

Phishing kit screenshots your email domain on the fly to appear real

Phishing kit used by multiple hacked sites generates a log in page on the fly…

2 years ago

This website uses cookies.