
Topic: [2019-10-18] ‘Trojanized’ Tor Browser steals Bitcoin from Darknet users

legendary
Activity: 2870
Merit: 7490
But regardless of it all, my original point can still be applied - usage of Tor is not a sign of a privacy expert, so it's natural that even Tor users can fall victims to fake clients.

And it's also true that Tor users are usually more knowledgeable than regular users.

There's a very simple reason.

I use Tor for most websites, because it adds noise to the signal, and that helps people who need Tor (including sometimes me). So if you're using Tor anyway for regular websites that have a .onion URL (loads of normal websites have a .onion version now, e.g. DuckDuckGo), guess what? The .onion site is faster to load, because the extra latency of sending it back out of Tor through an exit (and then back into Tor and only then on to your browser) is avoided; .onion traffic goes into Tor once and then straight back out to you.

Additionally, you avoid the risks of a malicious exit node.
legendary
Activity: 3430
Merit: 3080
I can't even remember the last time I visited a .onion domain.

There's a very simple reason.

I use Tor for most websites, because it adds noise to the signal, and that helps people who need Tor (including sometimes me). So if you're using Tor anyway for regular websites that have a .onion URL (loads of normal websites have a .onion version now, e.g. DuckDuckGo), guess what? The .onion site is faster to load, because the extra latency of sending it back out of Tor through an exit (and then back into Tor and only then on to your browser) is avoided; .onion traffic goes into Tor once and then straight back out to you.


I can't even remember the last time I visited a .onion domain. But still reports put illegal uses at a very high level

I dunno, it's usually the same media sources that are full of "darkweb" ghost stories that say things like that.

Thought experiment: if Tor really works, and if newspapers aren't lying when they say they don't have intimate connections to intelligence agencies, then how could they possibly know what people are using Tor for?
legendary
Activity: 3024
Merit: 2148
But not always

I too use Tor for only legal purposes - visiting clearnet sites that are blocked for my country or my ISP, or when I simply want extra privacy for my searches. I can't even remember the last time I visited a .onion domain. And I know there's a ton of other legal/moral uses, like when dissidents use it to not get caught and imprisoned.

But still reports put illegal uses at a very high level, and even if it's not the majority of all uses, it's very likely the biggest group of uses. But regardless of it all, my original point can still be applied - usage of Tor is not a sign of a privacy expert, so it's natural that even Tor users can fall victims to fake clients.
legendary
Activity: 3430
Merit: 3080
If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites.

But not always.

I run my own .onion domain, you know why? Nothing nefarious, it's just easier to set up an addressable IP that way. I can log in to my Raspberry Pi remotely using the .onion address, then check my lightning node, manage it, or (only in rare cases for now) use it to pay for something.

Asking your ISP to give you a static IP to use and configuring it through a router is not such a great option; if you change to a new ISP (or just move to a new place), it all has to be set up again. A .onion domain you can set up in about 5 minutes (less really), and you can take it anywhere without having to go through a whole load of bs. Bitcoin's gonna be supporting I2P and CJDNS sometime soon (and so hopefully Lightning will too). Those 2 are better tech than Tor in many ways, and you can use them just as easily to set up a reachable IP.

So using Tor can easily have nothing at all to do with anonymity (Lightning is designed to be anonymized whether you use it over Tor or not), it's simply a case of practicality for me.
hero member
Activity: 952
Merit: 513
Not sure why this is such a huge deal to be honest.. I might be oblivious, but I've only ever downloaded software from the official sites and never from 3rd party resellers, especially if it's free software, why wouldn't you go to the main site? Just seems like people trying to find problems.

If you are running that shit on the same PC where you store your bitcoins, that means you are way too careless with your funds and need to wake up asap. TOR either should be running on a separate PC or under a virtual machine. That applies to almost any other program though. You don't use the same PC for everything.
It depends, if these are the same people downloading Tor off a fake reseller/file hoster, I don't think they would have the insight to set up a virtual machine and a VPN. I've always had the mindset that if you have over 500 dollars of crypto-currencies, spend 100 and get a Ledger wallet, so even if your desktop or laptop was infected with malware, it would still need second-factor authentication from the physical Ledger.
legendary
Activity: 2142
Merit: 1065
Any specific version of Tor or any?

A fake Russian version of Tor browser.
I wonder why someone would download a known app from places other than the legit official one...
full member
Activity: 518
Merit: 104
Not new to me.
If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites. They might even have some false sense of security, thinking that they have already achieved full anonymity and there's nothing to worry about. This is a lot like people who install fake Bitcoin wallets - the reason why it happens is because most of the population doesn't know that you can and should verify digital signatures of developers, and when Windows warns them that they are about to install a software with unverified publisher, they mindlessly click ok, because they are used to pirate software or installing some junk.

As far as I know, TOR is used not only for illegal purposes such as purchasing drugs, guns, etc. There are many interesting forums in the Darknet, so people can communicate with each other without censorship. Moreover, Satoshi Nakamoto who created Bitcoin has always posted messages here using the TOR network.

TorBrowser must be downloaded only from the official site. The EXE file is signed by an organization called "The Tor Project, Inc.". In this case, no one will be able to steal bitcoins through the installed "trojanized" TOR.

We are not sure about that. TOR has been there for many years. Hackers will be able to crack the software and inject a virus. Hackers are good at it. Injecting a virus which steals Bitcoin. Even on the clearnet we often face this kind of threat. How much more on the Darkweb?
People are supposed to download the TOR Browser from the Tor official website. Before using the TOR browser people should know what they are going to be dealing with - which is the darknet. The darknet is not a place where you can mess around like Facebook, Twitter, and YouTube. Now, this is a lesson for many people to learn: when dealing with the darknet you have to be extra smart and be very careful.
jr. member
Activity: 66
Merit: 1
Any specific version of Tor or any?
legendary
Activity: 3276
Merit: 2442
If you are running that shit on the same PC where you store your bitcoins, that means you are way too careless with your funds and need to wake up asap. TOR either should be running on a separate PC or under a virtual machine. That applies to almost any other program though. You don't use the same PC for everything.
legendary
Activity: 2142
Merit: 1065
Fake programs are always a big problem for users and fake-TOR or any other website wouldn't be immune from it.
Users especially those surfing the dark web should verify every step done twice...
sr. member
Activity: 560
Merit: 269
Not new to me.
If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites. They might even have some false sense of security, thinking that they have already achieved full anonymity and there's nothing to worry about. This is a lot like people who install fake Bitcoin wallets - the reason why it happens is because most of the population doesn't know that you can and should verify digital signatures of developers, and when Windows warns them that they are about to install a software with unverified publisher, they mindlessly click ok, because they are used to pirate software or installing some junk.

As far as I know, TOR is used not only for illegal purposes such as purchasing drugs, guns, etc. There are many interesting forums in the Darknet, so people can communicate with each other without censorship. Moreover, Satoshi Nakamoto who created Bitcoin has always posted messages here using the TOR network.

TorBrowser must be downloaded only from the official site. The EXE file is signed by an organization called "The Tor Project, Inc.". In this case, no one will be able to steal bitcoins through the installed "trojanized" TOR.

We are not sure about that. TOR has been there for many years. Hackers will be able to crack the software and inject a virus. Hackers are good at it. Injecting a virus which steals Bitcoin. Even on the clearnet we often face this kind of threat. How much more on the Darkweb?
legendary
Activity: 3178
Merit: 1054

Facebook users just click the advertised links and, when prompted, they just download and install without knowing it's not the file from the Tor Project but from the malicious user. Things like this only happen to users who don't check where the file is from, so they got compromised. It's a clever trick actually, one that even a tech-savvy user may be victimized by too. When it says your TOR is outdated, a user may just want to update with it without checking.
legendary
Activity: 3024
Merit: 2148
As far as I know, TOR is used not only for illegal purposes such as purchasing drugs, guns, etc. There are many interesting forums in the Darknet, so people can communicate with each other without censorship. Moreover, Satoshi Nakamoto who created Bitcoin has always posted messages here using the TOR network.


Yes, but that's not the point, this malware was targeting users of Darknet markets specifically:

According to malware researchers at cybersecurity firm ESET, the trojanized Tor Browser appears to be
specifically targeting users of three of the largest Russian-speaking Darknet markets.

TorBrowser must be downloaded only from the official site. The EXE file is signed by an organization called "The Tor Project, Inc.". In this case, no one will be able to steal bitcoins through the installed "trojanized" TOR.

Regular people don't know anything about digital signatures and verification of software, they just google "download X" and click the top result, or install something because they saw it on their forum or news feed. You either learn from mistakes of others or eventually repeat them yourself.
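The "verify the developer's signature" step that keeps coming up in this thread is mechanical once you know the shape of it. The following is an added example (not from the thread and not Tor Project code): it parses a sha256sum-style manifest and checks a downloaded installer against it. The installer bytes and the manifest are constructed sample data. It assumes the manifest itself was first checked with gpg against a signing key obtained out of band (for example `gpg --verify sha256sums.txt.asc sha256sums.txt`); a hash file fetched from the same possibly fake site as the installer proves nothing on its own.

```python
"""Check a downloaded file against a signed sha256sums manifest.

Added example, not Tor Project code. Assumes the manifest text has already
passed `gpg --verify` against a trusted key; this code only does the hash
comparison that follows that step.
"""
import hashlib
import hmac
import string

# Constructed sample data: a fake "installer" and a tampered copy of it.
GOOD_INSTALLER = b"MZ\x90\x00" + b"legit tor browser bytes (constructed sample)"
TAMPERED_INSTALLER = GOOD_INSTALLER + b"\x00stealer payload (constructed sample)"

# Constructed manifest in `sha256sum` output format: "<hex digest>  <file name>".
# In real use this text comes from the vendor, never computed locally like here.
SAMPLE_MANIFEST = (
    "# constructed manifest (example only)\n"
    f"{hashlib.sha256(GOOD_INSTALLER).hexdigest()}  torbrowser-install-win64.exe\n"
    "0000000000000000000000000000000000000000000000000000000000000000  other.tar.xz\n"
)


def parse_sha256sums(text: str) -> dict:
    """Parse sha256sum lines into {file name: lowercase hex digest}.

    Accepts the optional leading '*' that marks binary mode, skips blank and
    comment lines, and rejects anything that is not a 64-character hex digest
    so a damaged or forged manifest fails loudly instead of silently.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: malformed entry")
        digest, name = parts
        name = name.lstrip("*")
        if len(digest) != 64 or not all(c in string.hexdigits for c in digest):
            raise ValueError(f"line {lineno}: bad digest for {name!r}")
        entries[name] = digest.lower()
    return entries


def verify_download(name: str, data: bytes, manifest: dict) -> bool:
    """Return True only if `data` hashes to the manifest entry for `name`.

    A file missing from the manifest is treated as unverified, not as OK.
    compare_digest avoids leaking how many leading characters matched.
    """
    expected = manifest.get(name)
    if expected is None:
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    manifest = parse_sha256sums(SAMPLE_MANIFEST)
    for label, blob in (("good", GOOD_INSTALLER), ("tampered", TAMPERED_INSTALLER)):
        ok = verify_download("torbrowser-install-win64.exe", blob, manifest)
        print(f"{label}: {'OK' if ok else 'MISMATCH - do not run'}")
```

The check is only as good as the source of the manifest: the trojanized build described in this thread would have shipped with whatever hash its distributor chose, so the gpg signature on the manifest, checked against a key you did not get from the download site, is the part that actually ties the file to the Tor Project.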
legendary
Activity: 2618
Merit: 2304
If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites. They might even have some false sense of security, thinking that they have already achieved full anonymity and there's nothing to worry about. This is a lot like people who install fake Bitcoin wallets - the reason why it happens is because most of the population doesn't know that you can and should verify digital signatures of developers, and when Windows warns them that they are about to install a software with unverified publisher, they mindlessly click ok, because they are used to pirate software or installing some junk.

As far as I know, TOR is used not only for illegal purposes such as purchasing drugs, guns, etc. There are many interesting forums in the Darknet, so people can communicate with each other without censorship. Moreover, Satoshi Nakamoto who created Bitcoin has always posted messages here using the TOR network.

TorBrowser must be downloaded only from the official site. The EXE file is signed by an organization called "The Tor Project, Inc.". In this case, no one will be able to steal bitcoins through the installed "trojanized" TOR.
legendary
Activity: 3472
Merit: 1722
If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites.

True. Back when reddit still hosted various DNM subreddits, you could read people confessing what, when, and how they buy with bitcoins bought on Coinbase and sent straight to a DNM. Or thinking just adding a single hop with no mixer/coinjoin/whatever is enough.

Almost every time a DNM (or sometimes a DNM vendor) is taken down by some government's authorities, they can get many customers' personal information. Given the risks they're subjecting themselves to, a hell of a lot of people are as dumb as a sack of bricks.
hero member
Activity: 3010
Merit: 794


How in the world did users get to a webpage like torproect[.]org (note the missing ‘j’)?

When I visit a webpage I often google it first; unless it outranked the original and legit ones you'll end up on the misspelled and malicious website, but it's highly unlikely to outrank the real old ones. I can describe how stupid the person could be if he still landed on that website, so whoever got to the website and downloaded the TOR must have been the most messed up of all.
Sometimes you can really ask whether these people or users are really able to read carefully, or are just simply clicking links without reading or verifying a site's true link.

You can easily spot it if you know what you are doing. Torproect.org site? People are just too lazy to verify anything. They would only realize their mistakes if they already lost some coins. They never learn, and I wonder how these privacy-concerned users aren't aware of these basic malware hacking attempts.
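The torproect[.]org domain in the post above is a one-character edit of the real one, which is exactly the kind of thing a machine spots more reliably than a tired human. As an added example (not from the thread or the Tor Project), here is a small classifier that flags hostnames close to a trusted download domain: edit distance on the registrable domain, the brand label reused under someone else's domain, and Cyrillic letters that render like Latin ones. The trusted list, the confusable table and the sample hostnames are constructed for illustration; taking the last two labels as the registrable domain is a simplification that ignores suffixes like co.uk.

```python
"""Flag lookalike hostnames for a short list of trusted download domains.

Added example, not Tor Project code. TRUSTED, CONFUSABLES and the sample
hosts are constructed; registrable_domain() uses the last two labels and
would need the Public Suffix List for multi-part suffixes such as co.uk.
"""
import unicodedata

TRUSTED = ("torproject.org",)

# Constructed subset of Unicode confusables: Cyrillic letters that look like Latin ones.
CONFUSABLES = {"а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y", "і": "i"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_host(host: str) -> str:
    """Lowercase, strip a trailing dot, and map known confusables to ASCII."""
    host = unicodedata.normalize("NFKC", host).lower().rstrip(".")
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def registrable_domain(host: str) -> str:
    """Last two labels, e.g. www.torproject.org -> torproject.org (simplified)."""
    return ".".join(host.split(".")[-2:])


def classify(host: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname.

    'trusted' requires an exact, pure-ASCII match on the registrable domain.
    'lookalike' covers: a confusable-letter spoof of a trusted domain, a
    registrable domain within edit distance 2 of a trusted one (torproect.org),
    or the brand label reused anywhere in the name (torproject.org.evil.com).
    """
    raw = host.lower().rstrip(".")
    norm = normalize_host(raw)
    mixed_script = norm != raw  # confusable non-ASCII letters were substituted
    rd = registrable_domain(norm)
    if rd in trusted and not mixed_script:
        return "trusted"
    for t in trusted:
        brand = t.split(".")[0]
        if levenshtein(rd, t) <= 2:
            return "lookalike"
        if any(lab == brand or levenshtein(lab, brand) <= 1 for lab in norm.split(".")):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hostnames; the Cyrillic-o variant is "t\u043erproject.org".
    for h in ("www.torproject.org", "torproect.org", "torproject.com",
              "torproject.org.evil.com", "t\u043erproject.org", "duckduckgo.com"):
        print(f"{h:28} {classify(h)}")
```

In practice this sort of check belongs in whatever sits between the user and the download: a bookmark-only policy, a browser extension, or an egress proxy log review, since by the time the installer is on disk the fake site has already done its job.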
legendary
Activity: 3080
Merit: 1353
What a twist of events, criminals being played by their fellow cyber-criminals. I guess those who used that trojanized Tor browser are safe from the prying eyes of the authorities, however, another set of criminals thought about setting up this website, very smart move, LOL.

@target - I guess it was spread through other social media sites and not just on Google. That's one way those cyber criminals trick everyone, they don't rely on out ranking the real websites in Google because they will be obvious to the eyes.
legendary
Activity: 3024
Merit: 2148
It's hard to believe people who have concern about anonymity/privacy to the point of considering Tor Browser would fall for such a trick.
Besides, people should be suspicious if the website only shows a Windows version.

The phishing website is still online though

If someone is using Tor, it doesn't mean that they are some l33t cypherpunks, it's likely just people who want to buy drugs online, and use that browser because that's the only way to access .onion sites. They might even have some false sense of security, thinking that they have already achieved full anonymity and there's nothing to worry about. This is a lot like people who install fake Bitcoin wallets - the reason why it happens is because most of the population doesn't know that you can and should verify digital signatures of developers, and when Windows warns them that they are about to install a software with unverified publisher, they mindlessly click ok, because they are used to pirate software or installing some junk.
legendary
Activity: 2282
Merit: 1041


How in the world did users get to a webpage like torproect[.]org (note the missing ‘j’)?

When I visit a webpage I often google it first; unless it outranked the original and legit ones you'll end up on the misspelled and malicious website, but it's highly unlikely to outrank the real old ones. I can describe how stupid the person could be if he still landed on that website, so whoever got to the website and downloaded the TOR must have been the most messed up of all.
hero member
Activity: 1694
Merit: 541
A new report has revealed that a trojanized fake Tor Browser has been quietly spying on and stealing Bitcoin
from unwary Darknet users for years.
If you are not careful with what you download then you will end up giving your entire access to the hacker.

Aimed at Russian Darknet users, the malware is being spread through two separate websites claiming to be
distributors of the “official” Russian-language version of the popular anonymous web browser.
Scammers come up with original-looking phishing sites. If you are careful then you do not need to worry later.

Once installed, the browser allows the hackers to spy on users’ web activity, scrape form data, and – as it
turns out – steal their bitcoins.
If the software you use has a backdoor then it can monitor all your activities.