Modified Version of Tor Browser Spies on Chinese Users

upnorth

Cybersecurity biz Kaspersky has spotted a modified version of the Tor Browser it says collects sensitive data on Chinese users.

The data collected by the browser itself includes internet history and data entered into website forms, said the threat hunter. More spyware was hidden in an accompanying library that collected further data, including computer name and location, user name, and MAC addresses of network adapters, before sending it to a command and control server. The icing on the cake is an embedded functionality to execute shell commands, thus giving the attacker full control over the machine. The Tor Browser is designed for anonymity and enables use of the dark web. While some of the activity it facilitates is illegal, it is also often used for legitimate purposes. However, it is blocked in China.

Which is why Chinese residents sometimes resort to creative ways of downloading it, usually from third-party websites. In the case of the malicious version found by Kaspersky, a link was posted in January 2022 on a YouTube channel that advocates internet anonymity in the Chinese language.
 
