
BREAKING CHINA: Cybersecurity firm Kaspersky has spotted a modified version of the Tor Browser that it says collects sensitive data on Chinese users.


#AceNewsRoom With ‘Kindness & Wisdom’ Oct.05, 2022 @acebreakingnews


#AceBreakingNews – Modified version of Tor Browser spies on Chinese users: patiently gathers data that can be used to identify the victims, says Kaspersky, according to The Register, Wed 5 Oct 2022 // 11:32 UTC

The data collected by the browser itself includes internet history and data entered into website forms, said the threat hunter. More spyware was hidden in an accompanying library that collected further data, including computer name and location, user name, and MAC addresses of network adapters, before sending it to a command and control server.

The icing on the cake is an embedded functionality to execute shell commands, thus giving the attacker full control over the machine. The Tor Browser is designed for anonymity and enables use of the dark web. While some of the activity it facilitates is illegal, it is also often used for legitimate purposes. However, it is blocked in China.

That is why Chinese residents sometimes resort to creative ways of downloading it, usually from third-party websites. In the case of the malicious version found by Kaspersky, a link was posted in January 2022 on a Chinese-language YouTube channel that advocates internet anonymity.

YouTube is also banned in China, though people can access the site through a VPN.

The Tor Project does offer some tips on using the product while in China, beginning with emailing the project for an updated version of Tor Browser. For the record, The Reg is not advocating doing this, nor breaking any laws in China.

The malicious Tor Browser installer was hosted on a Chinese cloud sharing service and appears identical in terms of user interface to the authentic one. However, it did not have a digital signature and some of the files obviously differed from the original, said Kaspersky.

“We decided to dub this campaign ‘OnionPoison’, naming it after the onion routing technique that is used in Tor Browser,” said Kaspersky. Onion routing earned its name because it encapsulates messages in layers of encryption, as if the messages were the center of an onion.

Kaspersky confirmed the threat actors were targeting victims in China, as attempts to communicate with the C2 server and retrieve a second-stage DLL only worked when faking a Chinese IP address. The C2 server is also difficult to access using automated malware analysis sandboxes.

“Curiously, unlike common stealers, OnionPoison implants do not automatically collect user passwords, cookies or wallets. Instead, they gather data that can be used to identify the victims, such as browsing histories, social networking account IDs and Wi-Fi networks,” said Kaspersky.

“The attackers can search the exfiltrated browser histories for traces of illegal activity, contact the victims via social networks and threaten to report them to the authorities,” added the cybersecurity company.

Modified Tor Browsers are not new; they have been used by attackers in the past, and law enforcement has been accused of deploying them as well.

“Regardless of the actor’s motives, the best way to avoid getting infected with OnionPoison implants is to always download software from official websites,” warned Kaspersky. “If that’s not an option, verify the authenticity of installers downloaded from third-party sources by examining their digital signatures.”
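The signature check recommended above, as an added PowerShell example (not code from the article, The Register or Kaspersky): it reports whether a downloaded Windows installer carries a valid Authenticode signature from the publisher you expect, which is the check the unsigned installer described here would fail. The function name `Test-InstallerSignature` and the `-ExpectedSigner` value are assumptions; take the publisher name from the vendor's official site.

```powershell
# Added example. Test-InstallerSignature is a hypothetical helper name, and
# -ExpectedSigner is a value the reader supplies from the vendor's official site.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string[]] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )
    process {
        foreach ($p in $Path) {
            $file = Get-Item -LiteralPath $p -ErrorAction Stop
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
            $cert = $sig.SignerCertificate

            # Common name of the signing certificate, or $null when unsigned.
            $signer = $null
            if ($cert) {
                $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
                $signer = $cert.GetNameInfo($nameType, $false)
            }

            # A signature must exist, chain to a trusted root with an intact
            # file hash (Status = Valid), and name the expected publisher.
            # A valid signature from an unrelated publisher is still a failure.
            $verdict =
                if ($sig.Status -eq 'NotSigned')    { 'FAIL: unsigned' }
                elseif ($sig.Status -ne 'Valid')    { "FAIL: signature status $($sig.Status)" }
                elseif ($signer -ne $ExpectedSigner) { 'FAIL: unexpected signer' }
                else                                 { 'OK' }

            [pscustomobject]@{
                File    = $file.Name
                Verdict = $verdict
                Signer  = $signer
                # Hash for comparison against checksums published by the vendor.
                SHA256  = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

# Usage (path and publisher name are placeholders):
# Test-InstallerSignature -Path .\installer.exe -ExpectedSigner '<publisher name>'
```

Anything other than `OK` means the file should not be run; the SHA256 column lets you compare against a checksum obtained through a separate trusted channel.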

#AceNewsDesk report. Published: Oct. 05, 2022


By ace101
