Kaspersky Lab experts have discovered a modified version of the Tor Browser that collects secret data about Chinese users: their browsing history and information that allows them to be identified.

The modified browser saves the history of visited pages and the information entered into forms. It also collects additional information such as the name and location of the computer, the username, and the MAC address of the network adapter. Since the operator is able to execute commands remotely through the terminal, in theory the operator can control the victim's machine remotely.

The Tor Browser is designed to provide anonymity on the internet. It is used regularly by criminals, although law-abiding people also use it to bypass the ban. This resource is blocked, however, so residents of China sometimes have to download the installation file from third-party resources. A Kaspersky Lab expert discovered a secret distribution on a cloud file hosting service. The program interface is externally identical to the official version, and although the modified version doesn't have digital signatures, the two files in the package are clearly based on the original versions. That said, the Tor Project allows Chinese users to have the installation files sent by e-mail.

Kaspersky Lab named the campaign Onion Poison, after the main routing method of the Tor network. A distinctive feature of the campaign is its focus on Chinese users: the twin program attempts to contact the C&C and download the spy library only if the user has a Chinese IP address. It is not claimed that the program doesn't use that method to identify the user: account identifiers or crypto-key wallets.

Source: Michael Geiger. Uploaded by: Mike Geiger.