A modified version of Tor Browser found spying on the Chinese

Experts at Kaspersky Lab have found a modified version of Tor Browser that collects confidential data on Chinese users: their browsing history and information that allows them to be identified.

The modified browser keeps the history of page visits, as well as data entered into web form fields. The package also installs a library that collects additional information: the name and location of the computer, the user name and the MAC address of the network adapter. It can even execute commands remotely through the terminal, which in theory gives the operator complete control of the victim's machine.

In China, access to the official Tor Project website is blocked, so people are sometimes forced to download the installation file from third-party sites. Kaspersky Lab discovered the fake distribution on a Chinese cloud file-sharing service: the program's user interface is identical to the official version, but the modified version has no digital signature, and some of the files in the package clearly differ from the original ones. For its part, the Tor Project offers to send installation files to Chinese users by e-mail.
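The file-level comparison mentioned above can be reproduced by hashing a suspect package against a trusted copy. This is an added example, not Kaspersky's tooling or code from the original article; the file names and contents are constructed, and the reference tree is assumed to come from a package whose signature was already verified.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_packages(reference: Path, suspect: Path) -> dict[str, list[str]]:
    """Diff a suspect install against a trusted reference install."""
    ref, sus = hash_tree(reference), hash_tree(suspect)
    return {
        "modified": sorted(p for p in ref.keys() & sus.keys() if ref[p] != sus[p]),
        "added": sorted(sus.keys() - ref.keys()),
        "missing": sorted(ref.keys() - sus.keys()),
    }


def build_demo(base: Path) -> tuple[Path, Path]:
    """Create two small constructed trees standing in for unpacked packages."""
    reference, suspect = base / "reference", base / "suspect"
    files = {  # constructed names and contents, not real Tor Browser files
        "Browser/app.exe": b"launcher",
        "Browser/lib_a.dll": b"original library",
    }
    for root in (reference, suspect):
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
    # Simulate tampering: one replaced file and one unexpected extra file.
    (suspect / "Browser/lib_a.dll").write_bytes(b"replaced library")
    (suspect / "Browser/extra.dll").write_bytes(b"unexpected")
    return reference, suspect


def run_demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        reference, suspect = build_demo(Path(tmp))
        return compare_packages(reference, suspect)


if __name__ == "__main__":
    print(run_demo())
```

Any entry under "modified" or "added" means the package does not match the trusted release and should not be run.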

Kaspersky Lab provisionally named the campaign "OnionPoison", after onion routing, the Tor network's main routing method. A distinctive feature of the campaign is its focus on Chinese users: the modified program tries to contact a command server and download a spyware library, and this works only when the user has a Chinese IP address. It is emphasized that the program does not attempt to collect passwords, cookies or cryptocurrency wallet addresses; it is interested only in data that can be used to identify the user: identifiers of social media accounts and Wi-Fi networks.