Kaspersky researchers have identified multiple cases of infection via malicious Tor Browser installers spread through Darknet explainer videos on YouTube. The channel hosting the video has more than 180,000 subscribers, and the video containing the malicious link has been viewed more than 64,000 times.
Most affected users were from China. Because the Tor Browser website is blocked in China, individuals in that country often resort to downloading Tor from third-party websites, and cybercriminals take advantage of such services to spread their malware.
The trojanized version of Tor Browser is configured to be less private than the original Tor: it stores browsing history and all data that users enter in website forms. In addition, it drops spyware that collects various personal data and sends it to the attackers’ servers. Interestingly, unlike many other stealers, OnionPoison does not appear to show a particular interest in collecting users’ passwords or wallets. Instead, the attackers are more interested in collecting victim-identifying information that can be used to track down victims’ identities, such as browsing history, social media account IDs, and Wi-Fi networks.
This is worrying because the risks shift from digital life to real life. Attackers can collect information about the victim’s personal life, family or home address, and there are cases where an attacker has used the information obtained to blackmail the victim.
The spyware also provides the functionality to run shell commands on the victim’s device.
“Today we witness how video content replaces texts, while video platforms are more often used as search engines. Cybercriminals are well aware of current web consumption trends, which is why they started distributing malware on popular video platforms. This trend will stay with us for some time to come, which is why we highly recommend installing a reliable security solution to stay safe from all potential threats,” said Georgy Kucherin, security expert at Kaspersky.
To reduce the risk of falling victim to a similar malicious campaign, do not download software from suspicious third-party websites. If using official websites is not an option for you, it is possible to verify the authenticity of installers downloaded from third-party sources by examining their digital signatures. A legitimate installer must have a valid signature, and the company name specified on its certificate must match the software developer’s name.
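One way to perform the signature check described above on Windows, as an added example that is not part of the Kaspersky report: it uses PowerShell’s built-in Get-AuthenticodeSignature and assumes an expected publisher name (the 'The Tor Project, Inc.' value below is a placeholder to confirm against an installer obtained from the official site).

```powershell
# Added example, not code from the Kaspersky report.
# Verifies that an installer carries a valid Authenticode signature AND that the
# signer's company name matches the expected software developer, which is the
# two-part check the advice above describes.
# $ExpectedPublisher is an assumption: confirm the exact certificate name from
# an installer downloaded from the vendor's official website.

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedPublisher = 'The Tor Project, Inc.'   # assumed placeholder
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 1. The signature must be present, intact, and chain to a trusted root.
    #    Anything other than 'Valid' (NotSigned, HashMismatch, UnknownError ...) fails.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path = $Path; Verdict = 'FAIL'
            Reason = "Signature status is '$($sig.Status)'"
        }
    }

    # 2. Read the signer's Common Name via the certificate API rather than splitting
    #    the Subject string, so commas inside a quoted company name are handled.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    # 3. A valid signature from a different company is exactly the trojanized-installer
    #    case: the file is signed, just not by the real developer.
    if ($signer -ne $ExpectedPublisher) {
        return [pscustomobject]@{
            Path = $Path; Verdict = 'FAIL'
            Reason = "Signed by '$signer', expected '$ExpectedPublisher'"
        }
    }

    return [pscustomobject]@{
        Path = $Path; Verdict = 'PASS'
        Reason = "Valid signature from '$signer' (thumbprint $($sig.SignerCertificate.Thumbprint))"
    }
}

# Usage: point it at the downloaded installer before running it.
Test-InstallerSignature -Path "$env:USERPROFILE\Downloads\torbrowser-install.exe" | Format-List
```

Run it before executing the installer; a PASS only says who signed the file, so it should be combined with downloading from the official site whenever that is reachable.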