Fake Russian version of Tor Browser used to steal cryptocurrency and QIWI

Researchers from ESET have uncovered the distribution of a malicious Tor Browser build created by unknown attackers. The build was presented as the official Russian version of Tor Browser, although its creators have no connection to the Tor project, and its purpose was to replace Bitcoin and QIWI wallets.

To mislead users, the creators of the build registered the domains tor-browser.org and torproect.org (which differs from the official website torproJect.org by the absence of the letter “J”, something many Russian-speaking users overlook). The sites were styled to resemble the official Tor website. The first site displayed a page warning that an outdated version of Tor Browser was in use and offering to install an update (the link led to the build with the Trojan software), while the content of the second matched the Tor Browser download page. The malicious build was created for Windows only.

Since 2017, the Trojan Tor Browser has been promoted on various Russian-language forums, in discussions related to the darknet, cryptocurrencies, bypassing Roskomnadzor blocking, and privacy issues. To distribute the browser, many pages were also created on pastebin.com, optimized to appear at the top of search engine results on topics related to various illegal activities, censorship, the names of well-known politicians, and so on.
The pages advertising the fake version of the browser on pastebin.com were viewed more than 500 thousand times.

The fake build was based on the Tor Browser 7.5 codebase and, apart from the built-in malicious functions, minor changes to the User-Agent, disabled digital signature verification for add-ons, and a blocked update installation system, was identical to the official Tor Browser. The malicious insertion consisted of attaching a content handler to the standard HTTPS Everywhere add-on (an additional script, script.js, was added to manifest.json). The remaining changes were made at the level of settings, and all binary components were left as they are in the official Tor Browser.

The script integrated into HTTPS Everywhere contacted the control server each time a page was opened, and the server returned JavaScript code to be executed in the context of the current page. The control server operated as a Tor hidden service. By executing JavaScript code, the attackers could intercept the contents of web forms, substitute or hide particular elements on pages, display fake messages, and so on. However, when the malicious code was analyzed, only code for substituting QIWI details and Bitcoin wallets on payment acceptance pages on the darknet was recorded. During the malicious activity, 4.8 Bitcoins accumulated in the wallets used for the substitution, which corresponds to approximately 40 thousand dollars.
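The change described above (an extra script.js declared in the add-on's manifest.json and run on every page) is the kind of difference a defender can find by comparing an installed add-on's manifest against a trusted copy. The following is an added example, not code from ESET or the Tor project; both manifests are constructed for illustration and are not the real HTTPS Everywhere manifest, and the `<all_urls>` match pattern is an assumption.

```python
import json

# Match patterns that make a content script run on essentially every page.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def declared_scripts(manifest):
    """Map (kind, file) -> set of match patterns for every script the manifest loads."""
    found = {}
    for name in manifest.get("background", {}).get("scripts", []):
        found.setdefault(("background", name), set())
    for entry in manifest.get("content_scripts", []):
        for name in entry.get("js", []):
            found.setdefault(("content_script", name), set()).update(entry.get("matches", []))
    return found

def audit(reference, installed):
    """Report scripts (or wider match patterns) present only in the installed manifest."""
    ref, cur = declared_scripts(reference), declared_scripts(installed)
    findings = []
    for key in sorted(cur):
        kind, name = key
        extra = cur[key] - ref.get(key, set())
        if key not in ref:
            findings.append({"kind": kind, "file": name, "issue": "added",
                             "every_page": bool(cur[key] & BROAD)})
        elif extra:
            findings.append({"kind": kind, "file": name, "issue": "wider-matches",
                             "every_page": bool(extra & BROAD)})
    return findings

# Constructed sample: trusted copy of an add-on manifest (hypothetical contents).
REFERENCE = json.loads("""
{"background": {"scripts": ["background.js"]},
 "content_scripts": []}
""")
# Constructed sample: installed copy with an extra content script named as on this page.
INSTALLED = json.loads("""
{"background": {"scripts": ["background.js"]},
 "content_scripts": [{"matches": ["<all_urls>"], "js": ["script.js"],
                      "run_at": "document_start"}]}
""")

if __name__ == "__main__":
    for finding in audit(REFERENCE, INSTALLED):
        print(finding)
```

Because the fake build also disabled signature verification for add-ons, a manifest comparison like this only means something when the reference copy comes from a trusted source rather than from the installation being checked.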

Source: opennet.ru
