
This fake Tor browser circulating massively on YouTube hides dangerous spyware

Kaspersky reports that a modified version of Tor Browser, the free browser that lets you browse the Internet anonymously, is being distributed to users through Chinese-language videos on YouTube. The researchers describe a campaign that is more about surveillance than cybercrime.


Ironically, the link to the malware is placed in the description of a YouTube video teaching viewers how to stay anonymous online. Could OnionPoison, the name given to this malware distribution campaign, be sponsored by state authorities? There is no way to be sure, but note that the attackers specifically target citizens of the Middle Kingdom who wish to go unnoticed: the program installed on the host computer only targets IP addresses located in China.

OnionPoison is in any case a success for the attackers, since the channel on which the link was shared has 180,000 subscribers and the offending video has been viewed 64,000 times. The video was the first result for a “Tor Browser” search in China. Its description contains two links: the first leads to the official site, while the second leads to a file sharing site. Since Tor Browser cannot be downloaded through official channels in China, where the Tor Project site is blocked, at worst visitors will rush to click the link to the malicious download.

The malware found on YouTube is used to determine the identity of Internet users

Experts from Kaspersky Lab, the company that wanted to launch an “impossible to hack” smartphone, estimate that the malware took two months to claim its first victims. In keeping with its purpose, the OnionPoison trojan gives the attackers control of the victims’ computer. Because the malicious build of Tor Browser is configured to provide no anonymity at all, data entered into forms and browsing history are stored on the computer and sent to a remote server.
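One defender-side check that follows from this description, written here as an added example and not code from the article or from Kaspersky's report: a small Python script that parses a Firefox-style prefs.js from a Tor Browser profile and flags privacy preferences that deviate from the values a stock Tor Browser is assumed to set. The pref names and expected values are assumptions and should be verified against the official bundle's own defaults.

```python
import re
from typing import Dict, List, Tuple

# Preferences a stock Tor Browser is assumed to set so no local traces are
# kept. Names and values are assumptions: verify against the official bundle.
EXPECTED_PRIVACY_PREFS: Dict[str, object] = {
    "browser.privatebrowsing.autostart": True,    # always private mode
    "places.history.enabled": False,              # no browsing history on disk
    "browser.formfill.enable": False,             # no saved form entries
    "signon.rememberSignons": False,              # no saved logins
    "privacy.sanitize.sanitizeOnShutdown": True,  # wipe data on exit
}

# Matches lines such as: user_pref("places.history.enabled", true);
PREF_LINE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text: str) -> Dict[str, object]:
    """Parse Firefox-style prefs.js / user.js lines into a name -> value dict."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw  # integers etc. kept as text; not needed here
    return prefs

def find_deanonymizing_prefs(text: str) -> List[Tuple[str, object, object]]:
    """Report (pref, expected, actual) for each privacy pref that deviates.
    A missing pref is reported too: it then falls back to Firefox's default."""
    prefs = parse_prefs(text)
    return [(name, want, prefs.get(name, "<unset>"))
            for name, want in EXPECTED_PRIVACY_PREFS.items()
            if prefs.get(name, "<unset>") != want]

# Constructed sample profile: history and form data are retained and the
# shutdown wipe is off, matching the behaviour described for the trojanized build.
SAMPLE_PREFS_JS = """\
user_pref("browser.privatebrowsing.autostart", false);
user_pref("places.history.enabled", true);
user_pref("browser.formfill.enable", true);
user_pref("signon.rememberSignons", false);
user_pref("privacy.sanitize.sanitizeOnShutdown", false);
"""
```

Run `find_deanonymizing_prefs(open(path_to_prefs_js).read())` against a real profile; on the constructed sample it flags four of the five prefs.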

Worse still, the control server to which all this data is sent can also obtain the QQ and WeChat account credentials from the target computer. Remember that in China, the WeChat account has become essential in people’s daily lives and almost serves as an identity card. Chinese Internet users wishing to preserve their anonymity have been tricked into ignoring a basic precaution: files should only be downloaded from a trusted source. At present YouTube is far from reliable; the video sharing platform even seems to be a den of malware distributors, as with this highly dangerous malware that spreads automatically through gaming videos.