The malware supposedly arrived via compromised ads displayed on adult websites, and it has also copied all the target's contacts to the attacker.
Next, the attacker threatens to send the video to all the victim's contacts unless US$3000 ($4419) in Bitcoin is paid to erase the recording.
To make the extortion attempts believable, the attacker quotes the victims' passwords in the phishing email as if the malware has actually captured the login credentials. This is most likely not the case.
Instead the password comes from one of many data breaches such as the massive LinkedIn hack a few years ago.
The extortion messages have somehow sneaked through via a trusted email service so they weren't marked as phishes and filtered out. Also, many were sent to corporate email addresses.
As pseudonymous security researcher Krypt3ia found, the psychological manipulation of the phish has fooled a number of people and earned the attackers US$185,500 in Bitcoin.
By itself the sextortion phishing is bad enough and could cause enormous distress for people at a personal and professional level.
It is likely to get worse though, with attackers attempting to actually plant malware on people's computers in order to obtain recordings and their contacts to blackmail them for real. It's easy to fake potentially embarrassing videos as well.
Protect yourself and be careful with emails especially if they contain attachments, avoid dodgy websites, don't reuse passwords and cover up your webcam.
There seems to be no end to how disgusting people exploit information for their sick purposes.
Wired wrote about how a supposedly legit #MeToo support group on Facebook became a trolls' lair where women who had opened up about sexual abuse and sought each other's support were harassed and threatened.
That's lower than low, the epitome of harmful digital communication as New Zealand law has it.
It's hard to understand how people can deliberately want to hurt others as per the above examples. They do though, and halting such abuse before it gets to the stage that connecting to the internet becomes too dangerous personally and professionally should be a priority.