Ofufuza ochokera ku ESET kugawa kwa Tor Browser yoyipa yomangidwa ndi omwe akuwukira osadziwika. Msonkhanowu udayikidwa ngati mtundu wovomerezeka wa Tor Browser waku Russia, pomwe omwe adawapanga alibe chochita ndi pulojekiti ya Tor, ndipo cholinga chake chinali kusintha zikwama za Bitcoin ndi QIWI.
Kuti asocheretse ogwiritsa ntchito, omwe amapanga msonkhanowo adalembetsa madambwe tor-browser.org ndi torproect.org (zosiyana ndi tsamba lovomerezeka la torproJect.org chifukwa chosowa chilembo "J", chomwe sichidziwika ndi ogwiritsa ntchito ambiri olankhula Chirasha). Mapangidwe amasambawa adapangidwa kuti azifanana ndi tsamba lovomerezeka la Tor. Tsamba loyamba lidawonetsa tsamba lomwe lili ndi chenjezo lokhudza kugwiritsa ntchito mtundu wakale wa Tor Browser ndikufunsira kukhazikitsa zosintha (ulalowo udapangitsa msonkhano ndi pulogalamu ya Trojan), ndipo chachiwiri zomwe zili patsambalo zinali zofanana ndi tsamba lotsitsa. Tor Browser. Msonkhano woyipawo unapangidwira Windows yokha.
Kuyambira 2017, Trojan Tor Browser yakhala ikukwezedwa pamabwalo osiyanasiyana achilankhulo cha Chirasha, pazokambirana zokhudzana ndi darknet, cryptocurrencies, kudutsa Roskomnadzor kutsekereza ndi nkhani zachinsinsi. Kuti mugawire msakatuli, pastebin.com idapanganso masamba ambiri okometsedwa kuti awonekere pamakina apamwamba osakira pamitu yokhudzana ndi machitidwe osiyanasiyana osaloledwa, kuwunika, mayina andale odziwika, ndi zina zambiri.
Masamba akutsatsa mtundu wabodza wa osatsegula pa pastebin.com adawonedwa nthawi zopitilira 500.
Kumanga kopekaku kudakhazikitsidwa pa Tor Browser 7.5 codebase ndipo, kupatula ntchito zoyipa zomwe zidamangidwa, kusintha pang'ono kwa Wogwiritsa Ntchito, kuletsa kutsimikizira kwa siginecha ya digito pazowonjezera, ndikuletsa makina osinthira, zinali zofanana ndi mkuluyo. Tor Browser. Kuyika koyipaku kunali kulumikiza chowongolera pazowonjezera za HTTPS Kulikonse (ma script.js owonjezera adawonjezedwa ku manifest.json). Zosintha zotsala zidapangidwa pamlingo wosinthira makonda, ndipo magawo onse a binary adatsalira pa Tor Browser.
Script yophatikizidwa mu HTTPS Kulikonse, potsegula tsamba lililonse, inalumikizana ndi seva yolamulira, yomwe inabwezera JavaScript code yomwe iyenera kuchitidwa pa tsamba lamakono. Seva yowongolera idagwira ntchito ngati ntchito yobisika ya Tor. Pochita khodi ya JavaScript, owukira amatha kusokoneza zomwe zili mumasamba, kulowetsa kapena kubisa zinthu zosamveka pamasamba, kuwonetsa mauthenga abodza, ndi zina zambiri. Komabe, posanthula nambala yoyipa, ma code okhawo olowa m'malo mwa QIWI ndi ma wallet a Bitcoin pamasamba olandila malipiro pa darknet adajambulidwa. Panthawi yoyipa, 4.8 Bitcoins adasonkhanitsidwa pamatumba omwe amagwiritsidwa ntchito m'malo, omwe amafanana ndi pafupifupi madola 40 zikwi.
Source: opennet.ru