Many users dream of browsing the Web without anyone’s prying eyes—something the Tor browser can help them accomplish.[1] So what happens when they end up downloading a rogue installer, especially one that spies on them instead?[2]
WhoisXML API investigated the OnionPoison case and expanded the list of publicized indicators of compromise (IoCs),[3] which led to the discovery of:
- Four shared IP addresses to which the IoCs resolved, one of which is malicious
- 300+ domains that shared the IoCs’ IP hosts, one of which is classified as a malware host
- 100+ additional domains containing the string “torbrowser,” one of which is a confirmed spam host
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—
- [1] https://www.torproject.org/download/
- [2] https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
- [3] https://otx.alienvault.com/pulse/633c2ebd5a54a44fe8b3e14d