
Fake Tor Browser steals Bitcoin from Dark Web users

October 20, 2019
in Internet Security


A covert campaign to deprive Dark Web users of their cryptocurrency has been exposed by researchers. 


The cyberattackers behind the operation have been distributing a malicious version of the Tor Browser, required to access the underbelly of the Internet, for years — and have included a cryptocurrency stealer as a bonus. 

Entry into the Tor network is a requirement to access underground websites hosted on .onion domains. To capitalize on this need, the fraudulent operators promoted their version of the Tor package on forums and PasteBin as the “official Russian language version of the Tor Browser” during 2017 and 2018, according to ESET.

The Trojanized Tor installer is also promoted on two typosquatted websites, tor-browser.org and torproect.org. In Russian, the domains display messages informing visitors their Tor version is outdated and attempt to redirect them to another website containing a Windows-based installer. At present, there is no sign of a malicious macOS, Linux, or mobile version.
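The two lookalike domains named above evade different checks, which this added example (not part of the original article or ESET's research) makes concrete: one is a near-miss spelling caught by edit distance, the other only by a brand-token match. It assumes torproject.org as the official domain; the thresholds and category names are illustrative.

```python
import re

OFFICIAL = "torproject.org"   # assumed official domain for this example
OFFICIAL_LABEL = "torproject"
BRAND_TOKENS = {"tor", "torproject"}

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # adjacent transposition, e.g. "porject" for "project"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Return 'official', 'typosquat', 'brand-lookalike' or 'unrelated'."""
    domain = domain.lower().rstrip(".")
    if domain == OFFICIAL or domain.endswith("." + OFFICIAL):
        return "official"
    labels = domain.split(".")
    # Near-miss spelling of the official label anywhere in the name.
    if any(edit_distance(label, OFFICIAL_LABEL) <= 2 for label in labels):
        return "typosquat"
    # Brand word combined with other words, e.g. joined by a hyphen.
    for label in labels:
        if BRAND_TOKENS & set(re.split(r"[-_]", label)):
            return "brand-lookalike"
    return "unrelated"

if __name__ == "__main__":
    # The first two domains are the ones named in the article.
    for d in ("torproect.org", "tor-browser.org", "www.torproject.org", "example.org"):
        print(f"{d:22} {classify(d)}")
```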

If installed, the custom Tor Browser functions in the same way as the legitimate application. However, settings and extensions have been changed to covertly disable updates (the updater tool has even been renamed) and to change the standard User-Agent to a value that allows the program's use to be detected server-side.


The xpinstall.signatures.required setting has also been tampered with. This disables the digital signature check that the legitimate Tor Browser applies to add-ons to keep out malicious programs or software that could compromise user safety and anonymity, giving attackers carte blanche to modify or load add-ons.
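As an added example (not from the original article or ESET's research), the settings changes described above can be looked for by auditing a profile's Firefox-style prefs.js. Only xpinstall.signatures.required is named in the article; the other preference names are standard Firefox ones assumed here, and the sample input is constructed.

```python
import re

# One pref per line: pref("name", value); or user_pref("name", value);
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {pref_name: bool | int | str} from prefs.js-style text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything unparseable
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

# Heuristic rules. Only xpinstall.signatures.required is named in the article;
# the other pref names are standard Firefox ones assumed for this example.
RULES = [
    ("xpinstall.signatures.required", lambda v: v is False, "add-on signature check disabled"),
    ("app.update.auto", lambda v: v is False, "automatic browser updates disabled"),
    ("extensions.update.enabled", lambda v: v is False, "add-on updates disabled"),
    ("general.useragent.override", lambda v: bool(v), "User-Agent explicitly overridden"),
]

def audit(text):
    """List (pref, value, finding) for every rule the profile trips."""
    prefs = parse_prefs(text)
    return [(n, prefs[n], why) for n, bad, why in RULES if n in prefs and bad(prefs[n])]

# Constructed sample input, not taken from a real infected profile.
TAMPERED = '''
// Mozilla User Preferences
user_pref("xpinstall.signatures.required", false);
user_pref("app.update.auto", false);
user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0 SAMPLE");
user_pref("browser.startup.page", 0);
'''
CLEAN = 'user_pref("xpinstall.signatures.required", true);\nuser_pref("app.update.auto", true);\n'

if __name__ == "__main__":
    for name, value, why in audit(TAMPERED):
        print(f"[!] {name} = {value!r}: {why}")
```

A hit is a reason to compare the install against a freshly downloaded, signature-verified copy, not proof of compromise, since users can change these preferences themselves.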

In addition, the HTTPS Everywhere add-on, included by default, has been modified to add a script that loads on every webpage and sends the user’s browsing activity directly to a command-and-control (C2) server controlled by attackers.  

Located in the Dark Web, the C2 also hosts a payload designed to be executed in the browser. This JavaScript payload specifically targets three large Russian-speaking Dark Web marketplaces.


Purchases in these marketplaces are usually made using cryptocurrency such as Bitcoin (BTC) in order to mask the transaction and the user’s identity.

If a user visits these domains and tries to make a purchase by adding funds to their wallet, the script activates and attempts to change the wallet address, thereby ensuring funds are sent to an attacker-controlled wallet instead. 

The payload will also try to alter wallet addresses offered by Russian money transfer service QIWI. 

“In theory, the attackers can serve payloads that are tailor-made to particular websites. However, during our research, the JavaScript payload was always the same for all pages we visited,” the researchers say.


It is not possible to say how widespread the campaign is, but the researchers say that PasteBin pages promoting the Trojanized browser have been visited at least half a million times, and known wallets owned by the cybercriminals have 4.8 BTC stored — equating to roughly $40,000. 

ESET believes that the actual value of stolen funds is likely to be higher considering the additional compromise of QIWI wallets. 

Whether Russian language-based or not, downloading software from third-party websites rather than official repositories comes with risk. The tactic of tampering with legitimate software for malicious purposes is a popular one, and to mitigate the risk of compromise, you should always check the source of new software downloads.

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Credit: Zdnet

© 2019 NikolaNews.com - Global Tech Updates
