Fake Tor browser contains malware

Spread the love

A student has discovered a website that offers a counterfeit Tor browser. The malware can secretly take screenshots, among other things. The suspected creators claim to use the counterfeit software to track down pedophiles.

A counterfeit website, very similar to the official Tor Project site, offered a Windows executable that contained a counterfeit Tor browser bundle. At the time of writing, the executable is no longer available for download. The counterfeit browser is very similar to the official Tor browser and allows the user to surf the Tor network “anonymously”, but the malware also contains various methods to spy on the user, computer science student Julien Voisin discovered.

Among other things, the malware is able to upload and download files, take screenshots, execute system commands and establish new network connections. The makers have also given the fake Tor browser an update mechanism. This is done through communication with a Tor server.

Voisin says he managed to contact the makers of the malware, who may be operating from China. They claim to use the software and website to track pedophiles who are active on the Tor network. They would post the links on forums where pedophiles reside. However, Voisin attaches little value to this claim, partly because the link to the bitcoin address in the donation option on the forged site has changed.

You might also like
Exit mobile version