Insider Threat Trojan, Delilah, Makes Her Debut

According to Gartner, “Delilah” is the world’s first insider threat Trojan that targets individuals via social engineering and/or extortion, sometimes using ransomware techniques.

It allows attackers to capture sensitive and sometimes compromising footage of victim’s in order to extort them into an action – such as carrying out actions that could cause serious damage to their employers.

Israeli threat-intelligence security firm Diskin Advanced Technologies (DAT), is the one who discovered the Trojan. They reported that the malware is delivered to victims via a hidden bot that downloads from multiple popular adult and gaming sites. The bot then connects to a victim’s webcam and can film without their knowledge.

Insider Threat Trojan, Delilah, Makes Her Debut

According to DAT “It remains a closely held Trojan not yet available on the common black market, and is only shared amongst closed hacker groups.” The Trojan still has some flaws, and will occasionally yield error messages when the webcam is activated. Another noticeable trait of an infected device is constant monitor freezing, as there is a high volume of real time screen shots being taken – the lag can last for over 10 seconds.
However, unlike most malware, Delilah bots “require a high level of involvement by human operators in order to identify the right candidates to recruit as insider threats.” And that is just what attackers are looking to do – recruit. There has been a recent upsurge in concerns over insider threats, and how easy it is for resentful employees to announce to the digital world that they have access to their current/former organization’s sensitive data on the Dark Web.

Gartner believes that in order to combat Delilah and other bots of this nature, that it is critical to collect and analyze endpoint data and information on VPN usage and TOR connections. “The optimal way to do this is to feed EDR output into UEBA systems for correlations and advanced analysis of various events. Organizations should also seek to prevent endpoints from getting infected in the first place by preventing employees from visiting high risk adult and gaming sites using organizational systems.” Also, if you haven’t invested in a webcam cover at this point … well let’s just say you probably should.


Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.

You can find Secure Sense on Facebook,  LinkedIn and Twitter. Follow us for current company and industry news.