When Search for Anonymity Leads to Exposure Instead | WhoisXML API

Threat Reports

Rogue Tor Browser: When Search for Anonymity Leads to Exposure Instead

Many users dream of browsing the Web without anyone’s prying eyes—something the Tor browser can help them accomplish.1 So what happens then when they end up downloading a rogue installer, especially one that spies on them instead?2

WhoisXML API investigated the OnionPoison case and expanded the list of publicized indicators of compromise (IoCs),3 which led to the discovery of:

  • Four shared IP addresses to which the IoCs resolved, one of which is malicious
  • 300+ domains that shared the IoCs’ IP hosts, one of which is classified as a malware host
  • 100+ additional domains containing the string “torbrowser,” one of which is a confirmed spam host

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.torproject.org/download/
  • [2] https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
  • [3] https://otx.alienvault.com/pulse/633c2ebd5a54a44fe8b3e14d
Try our WhoisXML API for free
Get started