The command and control server checks IP addresses and will only send malware to Chinese IPs, they said. It’s not clear who was behind the campaign, the researchers said, but it clearly targeted at Chinese users. “What we did was to add a redirect so we are responding to the modified URL, this way people will update. “Basically this ‘poisoned’ Tor Browser modifies the update URL so it cannot be updated normally,” she said. Isabela Fernandes, executive director of the nonprofit Tor Project, told CyberScoop that the organization deployed a patch on Tuesday.
The malicious installer loads a version of Tor that includes a spyware library designed to collect the personal data and sends it to the attacker-controlled server, the researchers said, and can also give attackers the ability to execute shell commands on victims’ machines. Naval Research Lab, both its name (“The Onion Router”) and its typical degree of anonymity. The researchers dubbed the campaign “OnionPoison,” a reference to the multi-step onion routing that gives the legitimate Tor Browser, originally developed by the U.S. The channel has more than 180,000 subscribers, and the video has been viewed more than 64,000 times, Kaspersky researchers Leonid Bezvershenko and Georgy Kucherin said in findings published Tuesday.Ī YouTube account uploaded the video in January 2022 and Kaspersky researchers began seeing victims in their data in March after noticing clusters of malicious Tor installer downloads. A modified version of the Tor Browser collected sensitive data on Chinese users since at least March, maybe as early as January, that included browsing history, form data, computer name and location, user name and MAC addresses of network adapters, researchers with the cybersecurity firm Kaspersky said Tuesday.Ī video posted on a Chinese-language YouTube channel included a link to the malicious version of the Tor Browser installer.
0 kommentar(er)
