Cybersecurity biz Kaspersky has spotted a modified version of the Tor Browser it says collects sensitive data on Chinese users.
The data collected by the browser itself includes internet history and data entered into website forms, said the threat hunter. More spyware was hidden in an accompanying library that collected further data, including computer name and location, user name, and MAC addresses of network adapters, before sending it to a command and control server. The icing on the cake is embedded functionality to execute shell commands, thus giving the attacker full control over the machine.
The Tor Browser is designed for anonymity and enables use of the dark web. While some of the activity it facilitates is illegal, it is also often used for legitimate purposes. However, it is blocked in China, which is why Chinese residents sometimes resort to creative ways of downloading it, usually from third-party websites. In the case of the malicious version found by Kaspersky, a link was posted in January 2022 on a Chinese-language YouTube channel that advocates internet anonymity.

Modified version of Tor Browser 'spies on Chinese users'
Patiently gathers data that can be used to identify the victims, says Kaspersky
