Thursday, March 28

Corrupted version of Tor Browser spies specifically on Chinese users



The malware has collected sensitive data from Chinese users since at least March, and perhaps as early as January, including browsing history, form data, PC name and location, username, and network adapter MAC addresses, researchers at cybersecurity firm Kaspersky reported Tuesday.

A video posted on a Chinese-language YouTube channel included a link to the malicious version of the Tor Browser installer. The channel has more than 180,000 subscribers, and the video has been viewed more than 64,000 times, Kaspersky researchers Leonid Bezvershenko and Georgy Kucherin said in findings published Tuesday.

A YouTube account uploaded the video in January 2022, and Kaspersky researchers started seeing victims in their data in March, after observing clusters of downloads of malicious Tor installers.

The researchers dubbed the campaign “OnionPoison,” referring to the multi-step onion routing that gives the legitimate Tor browser its name (“The Onion Router”), originally developed by the US Naval Research Laboratory, and its typical degree of anonymity.

The malicious installer loads a version of Tor that includes a spyware library designed to collect personal data and send it to an attacker-controlled server, according to the researchers, and may also give attackers the ability to execute shell commands on victims' machines.

It’s not clear who was behind the campaign, Kaspersky researchers said, but it is clearly targeting Chinese users. The command and control server checks IP addresses and only sends the malware to Chinese IPs, they said. Also, the video description includes a valid Tor Browser link, but since the Tor website is blocked in China, users are more likely to click the link that takes them to a downloadable file hosted on a Chinese third-party cloud-sharing site.


Interestingly, the modified browser doesn’t automatically collect users’ passwords, cookies, or wallets, according to the researchers, instead targeting browsing history, social media account identifiers, and Wi-Fi networks. “Attackers can search exfiltrated browsing histories for traces of illegal activity, contact victims via social media, and threaten to report them to authorities,” the researchers wrote.

Kaspersky adds that the best way to avoid OnionPoison is to download Tor from the official website or, if that isn’t possible, to verify the download's digital signature when it comes from a third-party site.
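The signature check recommended above, as an added example that is not part of the Kaspersky report or this article: it fetches the Tor Browser Developers signing key into a standalone keyring and verifies a downloaded bundle against its detached `.asc` signature with `gpgv`, refusing (rather than silently passing) when the signature or keyring is missing. It assumes `gpg` and `gpgv` are installed, that the key lookup via WKD is reachable (otherwise obtain the key through another trusted channel), and that the fingerprint is confirmed against the one published on torproject.org.

```shell
#!/bin/sh
# Added example: verify a Tor Browser download against the Tor Project's
# signing key before running it. Not code from the article or from Kaspersky.
# Assumption: this is the Tor Browser Developers signing key fingerprint as
# published on torproject.org; confirm it there before trusting it.
TOR_SIGNING_FPR="EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"

# fetch_tor_keyring KEYRING_PATH
# Locate the signing key via WKD and export it to a standalone keyring file,
# so gpgv checks against exactly this key and nothing else in ~/.gnupg.
fetch_tor_keyring() {
    keyring="$1"
    gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org >/dev/null || return 1
    gpg --output "$keyring" --export "0x$TOR_SIGNING_FPR"
}

# verify_tor_download FILE KEYRING
# Returns 0 only if FILE.asc is a valid detached signature over FILE by a key
# in KEYRING. Missing inputs return 2 (refuse), a bad signature returns 1.
verify_tor_download() {
    file="$1"; keyring="$2"; sig="$1.asc"
    [ -f "$file" ]    || { echo "missing download: $file" >&2; return 2; }
    [ -f "$sig" ]     || { echo "missing signature: $sig (fetch it alongside the bundle)" >&2; return 2; }
    [ -f "$keyring" ] || { echo "missing keyring: $keyring" >&2; return 2; }
    if gpgv --keyring "$keyring" "$sig" "$file"; then
        echo "OK: $file signature verified"
        return 0
    fi
    echo "FAIL: $file signature did not verify; do not run it" >&2
    return 1
}

# Typical use (bundle name is a placeholder for whatever you downloaded):
#   fetch_tor_keyring ./tor.keyring
#   verify_tor_download ./tor-browser-linux-x86_64-VERSION.tar.xz ./tor.keyring
```

The `.asc` file must come from the same place as the bundle; a mirror that offers the installer without its signature gives you nothing to check against.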

The Tor Project, meanwhile, reports on its website that the organization deployed a patch on Tuesday.

Illustration: Screenshot of the video including the download link of the malicious Tor Browser (Kaspersky)






diarioti.com
