This is our daily post, shared across Twitter & Telegram and published first here with Kindness & Love XX on peace-truth.com/
#AceNewsRoom With ‘Kindness & Wisdom’ Oct.05, 2022 @acebreakingnews
#AceBreakingNews – Modified version of Tor Browser spies on Chinese users: Patiently gathers data that can be used to identify the victims, says Kaspersky, according to The Register, by Laura Dobberstein, Wed 5 Oct 2022 // 11:32 UTC
The data collected by the browser itself includes internet history and data entered into website forms, said the threat hunter. More spyware was hidden in an accompanying library that collected further data, including computer name and location, user name, and MAC addresses of network adapters, before sending it to a command and control server.
The icing on the cake is an embedded functionality to execute shell commands, thus giving the attacker full control over the machine. The Tor Browser is designed for anonymity and enables use of the dark web. While some of the activity it facilitates is illegal, it is also often used for legitimate purposes. However, it is blocked in China.
That is why Chinese residents sometimes resort to creative ways of downloading it, usually from third-party websites. In the case of the malicious version found by Kaspersky, a link was posted in January 2022 on a YouTube channel that advocates internet anonymity in the Chinese language.
The Tor project does offer some tips on using the product while in China and it begins with emailing it for an updated version of Tor Browser. For the record, The Reg is not advocating doing this nor for breaking any laws in China.
“We decided to dub this campaign ‘OnionPoison’, naming it after the onion routing technique that is used in Tor Browser,” said Kaspersky. Onion routing earned its name as it is a method for encapsulating messages in layers of encryption, as if the messages were the center of an onion.
Kaspersky confirmed the threat actors were targeting victims in China: attempts to communicate with the C2 server and retrieve a second-stage DLL only worked when faking a Chinese IP address. The C2 server is also difficult to reach from automated malware analysis sandboxes.
“Curiously, unlike common stealers, OnionPoison implants do not automatically collect user passwords, cookies or wallets. Instead, they gather data that can be used to identify the victims, such as browsing histories, social networking account IDs and Wi-Fi networks,” said Kaspersky.
“The attackers can search the exfiltrated browser histories for traces of illegal activity, contact the victims via social networks and threaten to report them to the authorities,” added the cybersecurity company.
Modified Tor Browsers are not new; they have been used by attackers in the past, and law enforcement has been accused of deploying them as well.
“Regardless of the actor’s motives, the best way to avoid getting infected with OnionPoison implants is to always download software from official websites,” warned Kaspersky. “If that’s not an option, verify the authenticity of installers downloaded from third-party sources by examining their digital signatures.”
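As an added illustration of why that last piece of advice works (this is example code, not from the article or from Kaspersky's report), the Go program below pins a publisher's signing key and shows that a modified installer is rejected whether it ships with the original signature copied over, with the attacker's own signature, or with none at all. The keys, installer bytes and the `Installer`/`VerifyInstaller` names are constructed for the example and stand in for a real detached-signature check against the official Tor Project key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Installer is a downloaded build plus the detached signature shipped beside it.
type Installer struct {
	Data []byte // installer bytes as downloaded
	Sig  []byte // detached signature file
}

// VerifyInstaller accepts the installer only if Sig was made over exactly these
// bytes by the pinned publisher key. Pinning is the point: a signature valid under
// some other key (say, the attacker's own) fails because that key is never consulted.
func VerifyInstaller(pinned ed25519.PublicKey, inst Installer) bool {
	if len(inst.Sig) != ed25519.SignatureSize {
		return false // missing or malformed signature file
	}
	return ed25519.Verify(pinned, inst.Data, inst.Sig)
}

// DemoScenarios runs the four cases a practitioner cares about and reports which
// installers would have been accepted. Keys and bytes are constructed in memory;
// nothing here is real Tor Project material.
func DemoScenarios() map[string]bool {
	pinned, publisherPriv, _ := ed25519.GenerateKey(rand.Reader) // stand-in for the official key
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)        // attacker's own key
	genuine := []byte("constructed: unmodified browser installer")
	trojaned := []byte("constructed: installer with an added spyware library")
	return map[string]bool{
		// Official build with the publisher's signature: accepted.
		"official": VerifyInstaller(pinned, Installer{genuine, ed25519.Sign(publisherPriv, genuine)}),
		// Modified build served with the original signature copied over: rejected.
		"tampered_reused_sig": VerifyInstaller(pinned, Installer{trojaned, ed25519.Sign(publisherPriv, genuine)}),
		// Modified build signed by the attacker's key: rejected, only the pinned key counts.
		"tampered_attacker_sig": VerifyInstaller(pinned, Installer{trojaned, ed25519.Sign(attackerPriv, trojaned)}),
		// Download with no signature at all: rejected.
		"unsigned": VerifyInstaller(pinned, Installer{trojaned, nil}),
	}
}

func main() {
	for name, ok := range DemoScenarios() {
		fmt.Printf("%-22s accepted=%v\n", name, ok)
	}
}
```

The real-world equivalent is checking the downloaded installer against the Tor Project's published signature with the project's key obtained out of band, never with a key or checksum served by the same third-party site as the installer.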
Editor says … Sterling Publishing & Media Service Agency is not responsible for the content of external sites or for any reports, posts or links. We can also be found on Telegram: https://t.me/acenewsdaily and all WordPress and live posts and links are here: https://acenewsroom.wordpress.com/. Thanks for following; as always we appreciate every like, reblog or retweet. Free help and guidance tips on your PC software, or help & guidance from our experts: AcePCHelp.WordPress.Com