![]() Once loaded, the second stage DLL retrieves globally unique identifiers of the operating system disk volume and machine, computer name, computer geolocation, current username, and MAC addresses of network adapters. The C2 server checks the IP address of the infected computer and only sends the payload to victims located in China. Another important detail about the malicious Tor Browser is that it communicates with a C2 server to retrieve a second-stage payload. It also enables caching of pages on disk, automatic form filling and saving login data, and stores additional session data for web pages. The malicious Tor Browser stores browsing history. ![]() Two other file dropped by the malicious installer are freebl.dll (which cannot be found in the original installer) and firefox.exe (which is also present in the original installer, but it is modified in the malicious one). It drops the freebl3.dll file which can be found in the original installer, but its contents are different. Nevertheless, the malicious installer drops different files. More about the malicious Tor browsers and their installersīoth malicious and original Tor Browser installers have the same design/user interface. Malicious Tor Browsers include a library infected with spyware that gathers personal information and sends it to a C2 server. Tor Browser is a legitimate browser that makes it more difficult to trace its user's Internet activity (it protects the user's privacy). ![]() OnionPoison is the name of a campaign used to distribute malicious Tor Browser installers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |