[2019-10-18] ‘Trojanized’ Tor Browser steals Bitcoin from Darknet users

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: hatshepsut93 on October 29, 2019, 08:37:42 AM

But regardless of it all, my original point can still be applied - usage of Tor is not a sign of a privacy expert, so it's natural that even Tor users can fall victims to fake clients.

And it's also true that Tor users usually is more knowledgeable than regular users.

Quote from: Carlton Banks on October 29, 2019, 09:05:25 AM

there's a very simple reason.

I use Tor for most websites, because it adds noise to the signal, and that helps people who need Tor (including sometimes me). So if you're using Tor anyway for regular websites (loads of normal websites have a .onion version now, e.g. DuckDuckGo) that have a .onion url, guess what? The .onion site is faster to load, because the extra latency of sending it back out of Tor through an exit (and then back into Tor and only then on to your browser) is avoided, .onion traffic goes into Tor once and then straight back out to you.

Additionally, you avoid the risks of malicious exit node.

Carlton Banks

legendary

Activity: 3430

Merit: 3080

Quote from: hatshepsut93 on October 29, 2019, 08:37:42 AM

I can't even remember the last time I visited a .onion domain.

there's a very simple reason.

I use Tor for most websites, because it adds noise to the signal, and that helps people who need Tor (including sometimes me). So if you're using Tor anyway for regular websites (loads of normal websites have a .onion version now, e.g. DuckDuckGo) that have a .onion url, guess what? The .onion site is faster to load, because the extra latency of sending it back out of Tor through an exit (and then back into Tor and only then on to your browser) is avoided, .onion traffic goes into Tor once and then straight back out to you.

Quote from: hatshepsut93 on October 29, 2019, 08:37:42 AM

I can't even remember the last time I visited a .onion domain.But still reports put illegal uses at a very high level

I dunno, it's usually the same media sources that are full of "darkweb" ghost stories that say things like that.

Thought experiment: if Tor really works, and if newspapers aren't lying when they say they don't have intimate connections to intelligence agencies, then how could they possibly know what people are using Tor for?

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: Carlton Banks on October 29, 2019, 07:14:30 AM

but not always

I too use Tor for only legal purposes - visiting clearnet sites that are blocked for my country or my ISP, or when I simply want extra privacy for my searches. I can't even remember the last time I visited a .onion domain. And I know there's a ton of other legal/moral uses, like when dissidents use it to not get caught and imprisoned.

But still reports put illegal uses at a very high level, and even if it's not the majority of all uses, it's very likely the biggest group of uses. But regardless of it all, my original point can still be applied - usage of Tor is not a sign of a privacy expert, so it's natural that even Tor users can fall victims to fake clients.

Carlton Banks

legendary

Activity: 3430

Merit: 3080

Quote from: hatshepsut93 on October 18, 2019, 02:53:55 PM

If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites.

but not always

I run my own .onion domain, you know why? Nothing nefarious, it's just easier to set up an addressable IP that way. I can login to my Raspberry Pi remotely using the .onion address, then check my lightning node, manage it, or (only in rare cases for now) use it to pay for something.

asking your ISP to give you a static IP to use and configuring it through a router is not such a great option; if you change to a new ISP (or just move to a new place), it all has to be set up again. A .onion domain you can setup in about 5 minutes (less really), and you can take it anywhere without having to go through a whole load of bs. Bitcoin's gonna be supporting I2P and CJDNS sometime soon (and so hopefully Lightning will too). Those 2 are better tech than Tor in many ways, and you can use them just as easily to set up a reachable IP.

so using Tor can easily have nothing at all to do with anonymity (Lightning is designed to be anonymized whether you use it over Tor or not), it's simply a case of practicality for me.

Kyraishi

hero member

Activity: 952

Merit: 513

Not sure why this is such huge to be honest.. I might be oblivious, but I've only ever downloaded software from the offical sites and never from 3rd party resellers, especially if it's free software, why wouldn't you go from the main site? Just seems like people trying to find problems.

Quote from: mindrust on October 22, 2019, 12:56:36 PM

If you are running that shit on the same PC where you store your bitcoins, that means you are way too careless with your funds and need to wake up asap. TOR either should be running on a separate PC or under a virtual machine. That applies to almost any other program though. You don't use the same PC for everything.

It depends, if these are the same people downloading Tor off a fake reseller/file hoster, I don't think they would have the insight to set up a virtual machine and a VPN. I've always always had the mindset that if you have over 500 dollars of crypto-currencies, spend 100 and get a ledger wallet so even if your desktop or laptop was infected with malware, it would still need second factor authentication from the physical ledger.

InvoKing

legendary

Activity: 2142

Merit: 1065

✋(▀Ĺ̯ ▀-͠ )

Quote from: adeandro on October 23, 2019, 04:49:57 AM

Any specific version of Tor or any?

A fake russian version of Tor browser.
I wonder know why someone would download a known app from other places other than the legit official one...

WatchMaker

full member

Activity: 518

Merit: 104

PUFFY FINANCE

Quote from: Immakillya on October 19, 2019, 04:39:45 PM

Not new to me.

Quote from: Coin-1 on October 19, 2019, 11:13:11 AM

Quote from: hatshepsut93 on October 18, 2019, 02:53:55 PM

If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites. They might even have some false sense of security, thinking that they have already achieved full anonymity and there's nothing to worry about. This is a lot like people who install fake Bitcoin wallets - the reason why it happens is because most of the population doesn't know that you can and should verify digital signatures of developers, and when Windows warns them that they are about to install a software with unverified publisher, they mindlessly click ok, because they are used to pirate software or installing some junk.

As far as I know, TOR is used not only for illegal purpose such as purchasing drugs, guns, etc. There are many interesting forums in the Darknet, so people can communicate with each other without censorship. Moreover, Satoshi Nakamoto who created Bitcoin has always posted messages here using the TOR network.

TorBrowser must be downloaded only from the official site. The EXE file is signed by an organization called "The Tor Project, Inc.". In this case, no one will be able to steal bitcoins through the installed "trojanized" TOR.

We are not sure about that. TOR is been there for many years. Hackers will be able to crack the software and inject virus. Hackers are good at it. Injecting virus which steal Bitcoin. Even on clearnet we often face this kind of threat. How much more on Darkweb?

People are supposed to download the TOR Browser from the Tor official website. Before using the TOR browser people should know what they are going to be dealing with - which is the darknet. Darknet is not a place where you can mess around like Facebook, Twitter, and YouTube. Now, this is a lesson for many people to learn when dealing with darknet to have to be extra-smart and be very careful.

adeandro

jr. member

Activity: 66

Merit: 1

Any specific version of Tor or any?

mindrust

legendary

Activity: 3276

Merit: 2442

If you are running that shit on the same PC where you store your bitcoins, that means you are way too careless with your funds and need to wake up asap. TOR either should be running on a separate PC or under a virtual machine. That applies to almost any other program though. You don't use the same PC for everything.

InvoKing

legendary

Activity: 2142

Merit: 1065

✋(▀Ĺ̯ ▀-͠ )

Fake programs are always a big problem for users and fake-TOR or any other website wouldn't be immune from it.
Users especially those surfing the dark web should verify every step done twice...

Immakillya

sr. member

Activity: 560

Merit: 269

Not new to me.

Quote from: Coin-1 on October 19, 2019, 11:13:11 AM

Quote from: hatshepsut93 on October 18, 2019, 02:53:55 PM

If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites. They might even have some false sense of security, thinking that they have already achieved full anonymity and there's nothing to worry about. This is a lot like people who install fake Bitcoin wallets - the reason why it happens is because most of the population doesn't know that you can and should verify digital signatures of developers, and when Windows warns them that they are about to install a software with unverified publisher, they mindlessly click ok, because they are used to pirate software or installing some junk.

As far as I know, TOR is used not only for illegal purpose such as purchasing drugs, guns, etc. There are many interesting forums in the Darknet, so people can communicate with each other without censorship. Moreover, Satoshi Nakamoto who created Bitcoin has always posted messages here using the TOR network.

TorBrowser must be downloaded only from the official site. The EXE file is signed by an organization called "The Tor Project, Inc.". In this case, no one will be able to steal bitcoins through the installed "trojanized" TOR.

We are not sure about that. TOR is been there for many years. Hackers will be able to crack the software and inject virus. Hackers are good at it. Injecting virus which steal Bitcoin. Even on clearnet we often face this kind of threat. How much more on Darkweb?

electronicash

legendary

Activity: 3178

Merit: 1054

facebook users just click the advertised links and when prompt to them they just download and install without knowing its not the file from TOR project. but from the malicious user. things like this only happen to users who don't check where the file is from so they got compromised. its a clever trick actually that even a tech savvy may just be victimized too. when it says your TOR is outdated, a user may just want to update with it without checking.

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: Coin-1 on October 19, 2019, 11:13:11 AM

As far as I know, TOR is used not only for illegal purpose such as purchasing drugs, guns, etc. There are many interesting forums in the Darknet, so people can communicate with each other without censorship. Moreover, Satoshi Nakamoto who created Bitcoin has always posted messages here using the TOR network.

Yes, but that's not the point, this malware was targeting users of Darknet markets specifically:

Quote from: Bitcoin_Mafia_Me on October 18, 2019, 12:09:38 PM

According to malware researchers at cybersecurity firm ESET, the trojanized Tor Browser appears to be
specifically targeting users of three of the largest Russian-speaking Darknet markets.

Quote from: Coin-1 on October 19, 2019, 11:13:11 AM

TorBrowser must be downloaded only from the official site. The EXE file is signed by an organization called "The Tor Project, Inc.". In this case, no one will be able to steal bitcoins through the installed "trojanized" TOR.

Regular people don't know anything about digital signatures and verification of software, they just google "download X" and click the top result, or install something because they saw it on their forum or news feed. You either learn from mistakes of others or eventually repeat them yourself.

Coin-1

legendary

Activity: 2618

Merit: 2304

Quote from: hatshepsut93 on October 18, 2019, 02:53:55 PM

If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites. They might even have some false sense of security, thinking that they have already achieved full anonymity and there's nothing to worry about. This is a lot like people who install fake Bitcoin wallets - the reason why it happens is because most of the population doesn't know that you can and should verify digital signatures of developers, and when Windows warns them that they are about to install a software with unverified publisher, they mindlessly click ok, because they are used to pirate software or installing some junk.

As far as I know, TOR is used not only for illegal purpose such as purchasing drugs, guns, etc. There are many interesting forums in the Darknet, so people can communicate with each other without censorship. Moreover, Satoshi Nakamoto who created Bitcoin has always posted messages here using the TOR network.

TorBrowser must be downloaded only from the official site. The EXE file is signed by an organization called "The Tor Project, Inc.". In this case, no one will be able to steal bitcoins through the installed "trojanized" TOR.

malevolent

legendary

Activity: 3472

Merit: 1722

Quote from: hatshepsut93 on October 18, 2019, 02:53:55 PM

If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites.

True. Back when reddit still hosted various DNM subreddits, you could read people confessing what, when, and how they buy with bitcoins bought on Coinbase and sent straight to a DNM. Or thinking just adding a single hop with no mixer/coinjoin/whatever is enough.

Almost every time a DNM (or sometimes a DNM vendor) is taken down by some government's authorities, they can get many customers' personal information. Given the risks they're subjecting themselves to, a hell of a lot of people are as dumb as a sack of bricks.

stomachgrowls

hero member

Activity: 3010

Merit: 794

Quote from: target on October 18, 2019, 01:25:46 PM

How in the world he users got into the webpage like torproect[.]org (note the missing ‘j’)?

When I visit a webpage I often google it first, unless it outranked the oroginal and legit ones you'll end up to the misspelled and malicious website but its highly unlikely to outrank the real old ones. I can describe how stupid the person could be if he still landed to that website so whoever got to the website and download the TOR must have been the most messedup of all.

Sometimes you can really ask if these people or users do really able to read up carefully or just simply clicking up links without reading up or verification about on sites true link.

You can easily spot it out if you do know on what you are doing.Torproect.org site? People are just too lazy on verifying anything.They would only realize their mistakes
if they already lost up some coins.They do never learn and wondering how these privacy-concerned users arent aware this basic malware hacking attempts.

Kemarit

legendary

Activity: 3080

Merit: 1353

What a twist of event, criminals being played out by their fellow cyber-criminals. I guess those who used that trojanized Tor browser is safe from the prying eyes of the authorities, however, another set of criminals thought about setting up this website, very smart moved, LOL.

@target - I guess it was spread through other social media sites and not just on Google. That's one way those cyber criminals trick everyone, they don't rely on out ranking the real websites in Google because they will be obvious to the eyes.

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: ?? on ??

It's hard to believe people who have concern about anonymity/privacy to the point considering Tor Browser would fall to such trick.
Besides, people should be suspicious if the website only show Windows version.

The phishing website is still online though

If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites. They might even have some false sense of security, thinking that they have already achieved full anonymity and there's nothing to worry about. This is a lot like people who install fake Bitcoin wallets - the reason why it happens is because most of the population doesn't know that you can and should verify digital signatures of developers, and when Windows warns them that they are about to install a software with unverified publisher, they mindlessly click ok, because they are used to pirate software or installing some junk.

target

legendary

Activity: 2282

Merit: 1041

How in the world he users got into the webpage like torproect[.]org (note the missing ‘j’)?

When I visit a webpage I often google it first, unless it outranked the oroginal and legit ones you'll end up to the misspelled and malicious website but its highly unlikely to outrank the real old ones. I can describe how stupid the person could be if he still landed to that website so whoever got to the website and download the TOR must have been the most messedup of all.

SaShiRaJaVu

hero member

Activity: 1694

Merit: 541

Quote from: Bitcoin_Mafia_Me on October 18, 2019, 12:09:38 PM

A new report has revealed that a trojanized fake Tor Browser has been quietly spying on and stealing Bitcoin
from unwary Darknet users for years.

If you are not careful with what you download then you will end up giving your entire access to the hacker.

Quote from: Bitcoin_Mafia_Me on October 18, 2019, 12:09:38 PM

Aimed at Russian Darknet users, the malware is being spread through two separate websites claiming to be
distributors of the “official” Russian-language version of the popular anonymous web browser.

Scammers come up with original looking Phishing sites. If you are careful then you do not need to worry later.

Quote from: Bitcoin_Mafia_Me on October 18, 2019, 12:09:38 PM

Once installed, the browser allows the hackers to spy on users’ web activity, scrape form data, and – as it
turns out – steal their bitcoins.

If the software you use has a backdoor then it can monitor all your activities.

Topic: [2019-10-18] ‘Trojanized’ Tor Browser steals Bitcoin from Darknet users (Read 281 times)