Criminals, whatever they do, are quite resourceful. This applies to both ordinary criminals and those who commit offenses on the web. Last week, representatives of the company Bleeping Computer, which deals with issues of cybersecurity,
found an unusual scheme of deceiving their victims with cybercriminals. This is a fake Tor browser, which is used to deceive users who want access to various trading platforms.
Outwardly, the fake program is very similar to the real Tor, although it is called the Rodeo Browser. It is distributed through links in YouTube videos. The videos themselves demonstrate to inexperienced users how you can buy various kinds of goods prohibited by law on the darknet. According to scammers, their browser is a modified version of Tor, which is used to provide access to the The Rodeo marketplace.
All the statements of those behind the fake Tor are false. In fact, Rodeo Browser is a completely different program from Tor. It only copies the interface and design of the original Tor. Created software on .NET. Browser is unable to enter any sites. If you select something, it does not matter that, then the user will see only the error message.
Nothing works except the drop-down menu, which, according to developers of a fake browser, gives users access to the darknet. Namely - to the trading platform The Rodeo. As soon as the user selects one of the subsections of the menu, the “browser” simulates the connection setup with th3rod3o3301jtxy.onion. In fact, at this time, the program connects to the fraudsters server via FTP, all the content received by the browser loads from there.
Content is stored as text, Base64 or encrypted HTML files. The FTP server is located at th3rod30.xyz, and a number of files are available in the th3rod30.xyz/s directory. Going to the “page” of the market, the user of the fake browser
sees illegal drugs, weapons, bank cards, various kinds of services offered by hackers and so on. In fact, according to experts, there are no such goods and services. The browser is fake, and the task of its developers is to pull out more money from users.
In order to work with the site, you must register and log in. After that, you can buy something. Of course, buyers of their products will not wait, because, as mentioned above, all this is fake. According to the developers, all information, including orders, is encrypted with PGP keys. After a detailed analysis, it turned out that there are no keys, the information remains almost in the clear. A database with a list of all registered users in the “market” is also located on the ftp server, which was discussed above. So far it is only 138 people.
The “browser” itself was created not to collect user data, but to make money. When buying goods or services using a fake Tor browser, users list bitcoins into wallets that most likely belong to the developer. Accordingly, he receives all funds directed to pay for something. However, so far, cybersecurity researchers have found only three entries with payment data, that is, only three users sent money. Not so much, but if the base of "customers" will expand, then the income of the browser creator will grow.
As for the owners of real markets in the darknet, their fate does not always work out well. Ross Ulbricht, the creator of Silk Road, the largest darknet market where you could get everything from drugs to heavy weapons, received a life sentence a few years ago.
His colleague, the owner of AlphaBay, who was arrested a few days ago,
committed suicide . This was reported yesterday by The Wall Street Journal. AlphaBay held a native of Canada, Alexander Kaz. He was detained by Thai police during a joint operation. Three houses and four sports cars worth $ 11 million were confiscated from Kaz. AlphaBay was launched around the same time that Silk Road closed. The site quickly grew and became Tor’s largest market for weapons, drugs, and hacker software. The daily turnover on this site was 600 thousand US dollars, the user base totaled 200 thousand people.