Hackers targeting Tor

[lobat999]

Though I find this a little bit ironic, this incident only shows the importance of downloading apps from official sites only and not be enticed easily by supposedly trusted fellow netizens with their app recommendations!

I think netizens should also exercise more vigilance and always be cautious to prevent these types of incident from happening again but I think this will never change until there are people who are gullible - the reason why this kind of intrusions will never stop! Imho.

[Oasisman]

Though I am not using TOR browser, but I think hackers can't penetrate if you only update your browser. Because the hacker's version of the official TOR browser is a totally different app with the same content but with additional spyware. People who are security-wise wont get easily attacked by this kind of malware.

I Might as well research for the same kind of attack using different browser.

[pooya87]

people seriously have to get into the habit of either compiling from sources or verify the things they download and it goes for everything. Tor also uses PGP signatures to sign their releases and they have a help page explaining how to do it here: https://support.torproject.org/tbb/how-to-verify-signature/
that simple move can easily solve a great number of issues (such as malware infections, losing data, losing bitcoin,...).

[Kyraishi]

Though I am not using TOR browser, but I think hackers can't penetrate if you only update your browser. Because the hacker's version of the official TOR browser is a totally different app with the same content but with additional spyware. People who are security-wise wont get easily attacked by this kind of malware.

I Might as well research for the same kind of attack using different browser.

The issue targets people that go on bad links and download exploited versions of the TOR browser which opens them up to exploits.

Download eveything off official websites. And make sure you verify everything from the offical tor website, and don't click bad links that might possibly include malware.

[blckhawk]

Please be vigilant, always verify what you’re downloading & from where.


@coindesk
Hackers have been distributing a compromised version of the official Tor Browser that's packed with malware designed to steal bitcoin and spy on users. Security firm @ESET says it's been going on for "many years."

https://twitter.com/coindesk/status/1185165299450028033?s=21

@torproject

https://www.coindesk.com/fake-tor-browser-has-been-spying-stealing-bitcoin-for-years

This is not quite surprising. Bitcoin is widely used as a medium of payment and transactions in the deep web, and the tor browser is one of the vulnerable part of connecting to onion sites. That's why when dealing with large funds, we must always be alert and wary of the softwares we use. One way to avoid these is just avoid browsing in the deep web or avoid engaging in transactions which are illegal.

[eaLiTy]

Though I am not using TOR browser, but I think hackers can't penetrate if you only update your browser. Because the hacker's version of the official TOR browser is a totally different app with the same content but with additional spyware. People who are security-wise wont get easily attacked by this kind of malware.

There are many methods a hacker could employ to steal the contents, the recent event is because they downloaded all the software from non official sources and they had a backdoor and they never identified until they lost their contents or coins. Everyone who is using the computer need to understand how to protect their content and that should be the basic.

Here is an example of how hackers could mislead you with another update from the software you are using if there is any vulnerability and here is the prime example. Electrum vulnerability
 

[bounceback]

I think this is a good post for us because it reminds us that the Tor browser hacker may be due to statements like this, I think it is no longer using the tor browser to access the bitcoin wallet because this is very detrimental to us if accessing the bitcoin wallet through a browser is most likely the browser can stole our bitcoin without realizing it.

[Kakmakr]

Well it is common knowledge that hackers and governments infiltrate exit nodes to reveal people's hidden identity in the Tor network. They also run "exploited" nodes on the network and "sniff" the IP addresses of people using those nodes.  

I run a bootable version of Tails that contains Tor as the built-in browser, so you do not have to download anything and when you reboot, everything is gone, so you start with a fresh OS after each reboot. <It even contains a built-in Bitcoin wallet, but you will have to run a persistent volume to use that.>  

[naska21]

people seriously have to get into the habit of either compiling from sources or verify the things they download and it goes for everything. Tor also uses PGP signatures to sign their releases and they have a help page explaining how to do it here: https://support.torproject.org/tbb/how-to-verify-signature/
that simple move can easily solve a great number of issues (such as malware infections, losing data, losing bitcoin,...).

Agree, a check should always be made as to whether the downloads are signed by developers, but the trouble is majority of users don't have even a shred of knowledge what pgp signature is and how to determine the authenticity thereof. That said, one should always check the fingerprint of any public pgp key  before certificating  it in Kleopatra.

[jossiel]

the OS I use does that automatically every time you open a Tor Browser: https://qubes-os.org

I might test this sometime, thanks for sharing this too.

you need:

• 8GB RAM minimum (really 12GB is the comfortable minimum)
• Intel VT-d or the AMD equivalent (forgot the name)
• Intel SLAT or the AMD equivalent (ditto)

There's a LiveDVD version, so that would test your pc's ability to run Qubes. You can also check the list of compatible computer models (the HCL) on https://qubes-os.org before trying.

I might upgrade my PC first to 16GB although I'm eligible and have 8GB ram but it would be a better choice to have that comfortability minimum requirements.

The issue targets people that go on bad links and download exploited versions of the TOR browser which opens them up to exploits.

Download eveything off official websites. And make sure you verify everything from the offical tor website, and don't click bad links that might possibly include malware.

And don't download suspicious apps too.

[1Referee]

Here is an example of how hackers could mislead you with another update from the software you are using if there is any vulnerability and here is the prime example. Electrum vulnerability

That was quite shocking for a lot of people. One doesn't expect that the legitimate application they downloaded from the main source forwards popups indicating that people should install an update which later turns out to make them lose all their funds. I truly hope that it made people so paranoid, that they will never have to go through that ever again.

I was already aware of similar tricks with other software applications, so I never click links or follow instructions as indicated by the popup, but visit the site myself and if needed download the actual software from there. I have to admit myself that being so paranoid is quite exhausting because every application needs to be verified and whatnot, but it's all worth it in the end.

It's also a reminder that crypto as a whole in no shape is even remotely close to mass adoption of common joe type of people. 

[Carlton Banks]

people seriously have to get into the habit of either compiling from sources or verify the things they download and it goes for everything.

compiling from source is great habit to get into, but Tor Browser (or really, Firefox).... I've never tried that, but I get the feeling it takes alot of care. Of course, OS's that compile everything locally in their package manager must do this, so it can't be too hard. Not going to try it any time soon myself, however

It's also a reminder that crypto as a whole in no shape is even remotely close to mass adoption of common joe type of people.  

I find it embarrassing, and am myself feeling increasingly embarrassed as time goes on.

Most people use computers at the same level a child can teach itself to do, simply by watching and imitating. While these people watch their cat videos, I'm trying to learn basic computer science that (at it's core) hasn't changed much since the 1970's, and people are still using the crappy 1980's sub-par clone (i.e. windows) of the 1970's model.

Meanwhile, others apparently still haven't learned the basic rule number zero of the internet; if it's a popup, don't fucking click anywhere except on the close button, especially if it tells you 'click here or you'll die'. I learned that in the first month or so when the internet was still new. seriously ffs

[Eugenar]

And yet, they are trying to to these things to the most safest browser I've known. Well, be cautious about this, as we all know, Tor has their own browser wherein we can download the tor browser. But when it comes to the point that they will target the site as well, it is mainly impossible, since phishing the website tor isn't easy as it doesn't contain any repetitive letters that might confuse the users.

[tanjiran]

How ironic. Many people who want to improve performance and security on the internet by using the Tor browser, unfortunately even that is used as a weapon by hackers to steal other people's assets and break their hearts. From there we can take lessons to always be careful in installing applications and extensions on our devices, use the original, and do the download in an official place.
I know what it's like to be hacked, even though I've tried using a variety of multiple security, hopefully the hackers are aware of how painful it is to lose assets that have been sought and guarded desperately.

[samcrypto]

And yet, they are trying to to these things to the most safest browser I've known. Well, be cautious about this, as we all know, Tor has their own browser wherein we can download the tor browser. But when it comes to the point that they will target the site as well, it is mainly impossible, since phishing the website tor isn't easy as it doesn't contain any repetitive letters that might confuse the users.

But they did it and we must be very careful on dealing with the fake sites. Tor is trying to be the safest browser/site but hackers are doin their best to scam people and we cannot blame Tor with this one. If you see suspicious sites or any phishing sites, you must not download anything from it or else, you time has come to an end and your money will gone.

[Oceat]

And yet, they are trying to to these things to the most safest browser I've known. Well, be cautious about this, as we all know, Tor has their own browser wherein we can download the tor browser. But when it comes to the point that they will target the site as well, it is mainly impossible, since phishing the website tor isn't easy as it doesn't contain any repetitive letters that might confuse the users.

But they did it and we must be very careful on dealing with the fake sites. Tor is trying to be the safest browser/site but hackers are doin their best to scam people and we cannot blame Tor with this one. If you see suspicious sites or any phishing sites, you must not download anything from it or else, you time has come to an end and your money will gone.

Thank God I am not using Tor to send some Bitcoin but in my case, I only use Tor as my VPN for a restricted/banned websites to get access to them easily. Although I am very picky of clicking or looking at the sites legitimacy but I only go directly to the site that I've known before and no other else.

[1Referee]

I find it embarrassing, and am myself feeling increasingly embarrassed as time goes on.

Most people use computers at the same level a child can teach itself to do, simply by watching and imitating. While these people watch their cat videos, I'm trying to learn basic computer science that (at it's core) hasn't changed much since the 1970's, and people are still using the crappy 1980's sub-par clone (i.e. windows) of the 1970's model.

Meanwhile, others apparently still haven't learned the basic rule number zero of the internet; if it's a popup, don't fucking click anywhere except on the close button, especially if it tells you 'click here or you'll die'. I learned that in the first month or so when the internet was still new. seriously ffs

I totally get your frustration. To some extent we can blame governments for not triggering people to become more aware of proper internet etiquette, but on the other hand, it's in their best interest to not educate people to the point where they become smart enough to take proper security measures enough so that they don't fall victim to phishing, viruses, etc.

The more untaught people are, the easier it is for governments to exploit vulnerabilities in their operating systems or hardware to retain a certain level of surveillance, which hackers obviously will be able to exploit too. If you aren't curious enough to explore various fields of interests that play a big role in today's society, which the internet is a huge part of, then you're basically fucked.

This is a major reason why the mass adoption of Bitcoin will probably take decades. It also translates into wealth inequality because the dumb will end up being as poor as they have always been, where the smart money and those who are technically adapted will be the new elite.

[rdluffy]

I read this on a crypto web site, and unfortunately this is such a bad thing for cryptos, because people will think that it's risky to use cryptos
It's really important to learn this lesson, only download of official websites and always research before if an application is compromised

[Carlton Banks]

If you aren't curious enough to explore various fields of interests that play a big role in today's society, which the internet is a huge part of, then you're basically fucked.

this

This is a major reason why the mass adoption of Bitcoin will probably take decades. It also translates into wealth inequality because the dumb will end up being as poor as they have always been, where the smart money and those who are technically adapted will be the new elite.

I have this sense that being at all inept using computers could be the difference between life and death. Robots and AI are soon going to be a part of daily life... fuck, really they already are in a nascent stage of it. Asimov and Philip K. Dick et al warned us about this stuff, and something like the bottom 90th percentile (and that's optimistic ) of the world haven't even caught up to Edmund Bernays and George Orwell. And the 20th century was such a thunderous bitch-slap of sophistication that it's no wonder, really.

so while I'm pretty disappointed in myself for being so slow to see some of this, when I think of these typical Facebook zombies... it's hard to have any sympathy for them, trying to impress this stuff on them out of a sense of humanity is more likely to cause problems than anything else The potential for the world to enter into an era that's actually worse than all of dystopic fiction rolled into one is a distinct possibility, and almost everyone is expendable drone fodder in such a scenario

[Mike Mayor]

How ironic. Many people who want to improve performance and security on the internet by using the Tor browser, unfortunately even that is used as a weapon by hackers to steal other people's assets and break their hearts. From there we can take lessons to always be careful in installing applications and extensions on our devices, use the original, and do the download in an official place.
I know what it's like to be hacked, even though I've tried using a variety of multiple security, hopefully the hackers are aware of how painful it is to lose assets that have been sought and guarded desperately.

That is what it makes it so brilliant. It is like those fake antivirus software that causes confusion and makes you want to act quickly to get rid of these so-called viruses and the software is even built-in with a fake scanner
and virus detection. Now you get ones possing as browsers for protection. I wonder what sort of activities it spies on. What would they do with this info? Beisde  sell bitcoin privatekeys or crypto stolen through the browser.
Maybe the collect a database of users so they can keep track of how much they have stolen from each IP? I don't know. It would make sense for them to collect IP addresses which use crypto a lot to see if they can steal more later on. Or maybe you gamble and they later steal your account.