Beware: Fake Tor Browser to Lure Victims to Supposed Dark Web Marketplace
A malicious app disguised as a modified version of the Tor Browser was spotted last week by ransomware researcher Lawrence Abrams of Bleeping Computer. The fake browser was promoted to users through YouTube videos, presented as tutorials that teach non-technical users how to buy stuff from a Dark Web marketplace known as ‘The Rodeo’.
The videos instructed users to download the Rodeo Browser, claiming it is a modified version of the Tor Browser built specifically to let users access The Rodeo marketplace.
The browser only pretends to be Tor. Instead of communicating over the Tor network, it displays a page fetched directly from a third-party web server over the clearnet.
The Rodeo browser is coded in .NET and aims to resemble the initial connection process of the Tor Browser, but it mimics the Tor Browser interface only. Most of the buttons don’t work, except the one in the Settings drop-down menu, which opens the Rodeo marketplace. The browser’s only purpose is to provide access to the Rodeo marketplace.
As mentioned earlier, when opened, you are connected to the market via clearnet!
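The clearnet behaviour described above can be confirmed from connection data alone. The following is an added example, not code from Bleeping Computer's analysis or from this article: it parses constructed `netstat -ano` output and flags a browser process that reaches remote hosts directly instead of through a local Tor SOCKS port. The PIDs, the addresses (documentation ranges) and the use of the default SOCKS ports 9150/9050 are assumptions.

```python
import ipaddress

# Default local SOCKS ports: 9150 (Tor Browser's bundled tor), 9050 (standalone tor).
TOR_SOCKS_PORTS = {9150, 9050}

# Constructed sample in `netstat -ano` layout. Hypothetical PIDs:
# 4100 = browser UI of a genuine Tor Browser, 4188 = its tor process,
# 5216 = an application that only claims to use Tor.
SAMPLE = """\
Active Connections
  Proto  Local Address        Foreign Address      State           PID
  TCP    127.0.0.1:50112      127.0.0.1:9150       ESTABLISHED     4100
  TCP    192.168.1.20:50120   198.51.100.7:9001    ESTABLISHED     4188
  TCP    192.168.1.20:50133   203.0.113.25:80      ESTABLISHED     5216
  TCP    192.168.1.20:50134   203.0.113.25:80      TIME_WAIT       0
  TCP    [::1]:50140          [::1]:9150           ESTABLISHED     4100
"""

def parse(text):
    """Yield (pid, remote_ip, remote_port) for established TCP rows."""
    for line in text.splitlines():
        f = line.split()
        # Header lines and non-established rows do not match this shape.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, _, port = f[2].rpartition(":")
        yield int(f[4]), ipaddress.ip_address(host.strip("[]")), int(port)

def audit(text, ui_pid):
    """Classify the traffic of the process that renders pages (ui_pid)."""
    direct, proxied = [], 0
    for pid, ip, port in parse(text):
        if pid != ui_pid:
            continue
        if ip.is_loopback and port in TOR_SOCKS_PORTS:
            proxied += 1                    # handed to a local SOCKS listener
        elif not ip.is_loopback:
            direct.append(f"{ip}:{port}")   # left the host without a proxy
    if direct:
        return "direct-clearnet", direct
    return ("proxied" if proxied else "no-traffic"), []

if __name__ == "__main__":
    for pid in (4100, 5216):
        print(pid, audit(SAMPLE, pid))
```

The check is one-sided: a `direct-clearnet` result shows the page-rendering process is not using Tor, while `proxied` only shows traffic was handed to a local port, not that a real tor process is listening there.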
It’s a waste of time to talk about the legitimacy of such a marketplace. Although the market offers all the usual stuff – drugs, pharmaceuticals, counterfeit money and even hackers for hire – it is obviously a scam. If the operators had ambitions to operate a real dark web market, they could have done so. After the demise of AlphaBay there is surely demand for evolving markets.
According to Bleeping Computer, everything on the site is faked. All content is downloaded from a web server as either text, Base64 or encrypted HTML files. The whole set-up exists to con non-technical users into placing orders and paying via Bitcoin for products they will never receive.
Based on Bleeping Computer’s research, the site has 138 users at the time of writing.
For more in-depth information, read the original post published by Bleeping Computer’s Security News Editor Catalin Cimpanu here.