Wednesday, September 19

Make sure you’re using the real Tor Browser

The dark web is the part of the World Wide Web that is beyond the reach of normal search engines and is accessible with specific tools like the Tor Browser.

The dark web has a lot of shady and illegal stuff. But what’s shadier is a fake Tor browser that’s being promoted to users through YouTube videos.

The fake Tor Browser was spotted last week by Lawrence Abrams of Bleeping Computer. The YouTube videos in question are tutorials that teach users how to buy stuff from a dark web marketplace known as The Rodeo.

Fake Tor Connection

The only thing that ties the imposter web browser to The Rodeo is that it carries the name in the title bar. After further digging, it was found that the software copies Tor’s UI and houses .NET code under the hood. Most of the options and buttons don’t work, except the one in the Settings drop-down menu that opens the Rodeo marketplace.

When opened, it doesn’t even connect to the Tor network but loads all the site data from a remote FTP server while it pretends to fetch data from a fake onion address.
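The .NET detail above gives defenders a quick triage check: the genuine Tor Browser is built on Firefox, which is native code, so a Windows binary presenting itself as Tor Browser that declares a CLR runtime header deserves scrutiny. The following is an added example, not code from Bleeping Computer's analysis; the function names and the header-only sample bytes are constructed for illustration.

```python
import struct

CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)

def is_dotnet_pe(data: bytes) -> bool:
    """Return True if a PE image declares a CLR runtime header (.NET assembly)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\x00\x00":
            raise ValueError("not a PE file: missing PE signature")
        opt_off = pe_off + 4 + 20  # skip the signature and 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt_off)
        if magic == 0x10B:    # PE32
            count_off, dirs_off = 92, 96
        elif magic == 0x20B:  # PE32+
            count_off, dirs_off = 108, 112
        else:
            raise ValueError("unknown optional header magic")
        (num_dirs,) = struct.unpack_from("<I", data, opt_off + count_off)
        if num_dirs <= CLR_DIRECTORY_INDEX:
            return False  # image has no slot for a CLR header at all
        entry_off = opt_off + dirs_off + 8 * CLR_DIRECTORY_INDEX
        rva, size = struct.unpack_from("<II", data, entry_off)
    except struct.error:
        raise ValueError("truncated PE headers") from None
    return rva != 0 and size != 0

def build_sample_pe(clr: bool, pe32_plus: bool = False) -> bytes:
    """Constructed header-only sample (not a real binary) to exercise the check."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    magic, count_off = (0x20B, 108) if pe32_plus else (0x10B, 92)
    dirs = [(0, 0)] * 16
    if clr:
        dirs[CLR_DIRECTORY_INDEX] = (0x2008, 72)  # constructed RVA and size
    opt = struct.pack("<H", magic) + b"\x00" * (count_off - 2)
    opt += struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    return dos + b"PE\x00\x00" + b"\x00" * 20 + opt

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:  # path to the executable under review
        print(".NET assembly" if is_dotnet_pe(fh.read()) else "native PE")
```

A positive result is a mismatch worth investigating, not proof of malice, and a native result does not make a download trustworthy.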

The Rodeo About Us page

There is a question about the legitimacy of the website as well. Users can do all the normal operations like creating an account, viewing vendor profiles, browsing products (mostly illegal), paying via Bitcoin, etc. But it’s unclear if they would ever receive the product they purchase from the website.

All the data related to users and vendors, including passwords and private messages, is stored in text files on the FTP servers, from where it’s retrieved. Bleeping Computer wasn’t able to verify the website’s claim that it implemented PGP key encryption for all orders.

Hacking Services page

For each user who registered on the marketplace, a folder was created. There were around 138 such folders. It’s believed that the different vendors present on the site are actually the same person who operates the site. Bleeping Computer was able to find the Bitcoin addresses of three people who might have paid some amount to the website operator.

For more information, read the original post published here.
