Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser

November 9, 2019, by NewsTakers

This newly discovered trojanized Tor Browser has been spreading using two websites that claimed that they distribute the official Russian language version of the Tor Browser.
]org domain is very similar to the real torproject.org; it is just missing one letter.
However, it’s not possible for us to say how many viewers actually visited the websites and downloaded the trojanized version of the Tor Browser.
The modified settings of the trojanized Tor Browser in extension-overrides.js
The criminals want to prevent victims from updating the trojanized Tor version to a newer version, because in this case it will be updated to a non-trojanized, legitimate version.
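
A defender-side check for the update tampering described above, as an added example that is not from the original article: it scans a Firefox-style preferences file such as extension-overrides.js for prefs that switch off updates or add-on signature checks. The preference names in the watch list are standard Firefox ones chosen as an assumption (this page does not list the exact settings that were changed), and the sample file is constructed.

```python
import re

# Assumption: standard Firefox pref names; the page does not say which
# settings the trojanized build changed, so this watch list is illustrative.
RISKY_PREFS = {
    "app.update.enabled": False,             # browser self-update switched off
    "app.update.auto": False,                # automatic update install switched off
    "extensions.update.enabled": False,      # add-on updates switched off
    "xpinstall.signatures.required": False,  # unsigned add-ons accepted
}

# Matches pref("name", value); at line start, so //-commented lines are skipped.
# Block comments (/* ... */) are not handled.
PREF_RE = re.compile(
    r'^\s*(?:user_pref|sticky_pref|pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_value(raw):
    """Convert a pref literal to bool, int or str."""
    if raw in ("true", "false"):
        return raw == "true"
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw

def audit_prefs(text):
    """Return (name, value) for every pref set to a watched risky value."""
    findings = []
    for name, raw in PREF_RE.findall(text):
        value = parse_value(raw)
        if name in RISKY_PREFS and value is RISKY_PREFS[name]:
            findings.append((name, value))
    return findings

# Constructed sample input, not the real file from the campaign.
SAMPLE = '''\
pref("app.update.enabled", false);
pref("app.update.auto", false);
pref("extensions.update.enabled", true);
// pref("xpinstall.signatures.required", false);
pref("xpinstall.signatures.required", false);
pref("browser.startup.homepage", "about:tor");
'''

if __name__ == "__main__":
    for name, value in audit_prefs(SAMPLE):
        print(f"suspicious pref: {name} = {value}")
```

A hit is a reason to compare the file against a freshly downloaded, signature-verified Tor Browser, not proof of compromise on its own.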
All trojanized Tor Browser victims will use the same User-Agent; thus it can be used as a fingerprint by the criminals to detect, on the server-side, whether the victim is using this trojanized version.
As the criminals behind this campaign know what website the victim is currently visiting, they could serve different JavaScript payloads for different websites.
This trojanized Tor Browser is a non-typical form of malware, designed to steal digital currency from visitors to darknet markets.
| Tactic | ID | Name | Description |
|---|---|---|---|
| Execution | T1204 | User Execution | The trojanized Tor Browser relies on the victim to execute the initial infiltration. |
| Persistence | T1176 | Browser Extensions | The trojanized Tor Browser contains a modified HTTPS Everywhere extension. |
| Collection | T1185 | Man in the Browser | The trojanized Tor Browser is able to change content, modify behavior, and intercept information using man-in-the-browser techniques. |
| Command and Control | T1188 | Multi-hop Proxy | The trojanized Tor Browser uses Tor onion service in order to download its JavaScript payload. |
| Command and Control | T1079 | Multilayer Encryption | The trojanized Tor Browser uses Tor onion service in order to download its JavaScript payload. |
| Impact | T1494 | Runtime Data Manipulation | The trojanized Tor Browser alters bitcoin and QIWI wallets on darknet market webpages. |
