Fake Tor Browser Used to Target Dark Web Users

Posted on the 22 July 2017 by Darkwebnews @darkwebnews

In what can only be termed as a scam to dupe those already involved in clandestine transactions, a fake browser disguised as Tor is leading unsuspecting dark web users into buying goods on a darknet marketplace called "Rodeo." There is fear that none of the ordered contents will ever reach the buyers.

Experts at the technical support site Bleeping Computer first uncovered the fraud scheme, and are actively investigating the situation.

It is common knowledge that Tor is the default program used by dark net dwellers. This includes users who deal in all things illegal, from drugs to guns to stolen goods to even fake currencies.

Dealers and buyers would access their respective .onion sites and enter into these transactions, making payments in Bitcoin or other cryptocurrencies acceptable to the sellers on these markets.

But a fake browser has emerged, cloning itself as the real Tor browser and luring visitors into concluding transactions on The Rodeo marketplace.

According to the investigations disclosed, it is unknown whether the market is legitimate or if it's part of the scam as well. Perhaps that information will surface when (or if) buyers receive their ordered items.

A Clone on the Dark Web

It was found that the fake browser is using the user interface and even the .NET code of the legitimate Tor browser platform, but the contents and data on the browser window are imported from a remote server, which must be an FTP server.

If the visitor is new to the dark web and has come into the network to purchase drugs or guns on illegal marketplaces, he or she could be easily fooled into believing that this fake browser is legitimate, after which they may even place an order on The Rodeo and commit the payment online instantly.

But the reality could be something else.

Fake Sellers to Skim off the Funds?

If there was any doubt left that this is a clear case of a fraud within the dark web, it became apparent to investigators that whoever was behind this masquerade was indeed a scammer.

They seem to be operating as the same person or entity, and they may be whoever is running The Rodeo marketplace as well.

This is where Bleeping Computer's team is quite certain that the whole operation is a scam.

People will place an order and make the payment, but it is doubtful if they will ever receive the items they paid for. The fake browser can just vanish without a trace and nothing can be done to stop it.

The Browser Permits Other Functions

The curious aspect of this scheme is that it may not be feasible for the average dark net user to detect anything amiss.

When they use the fake browser, they're permitted to register on just one dark web market: The Rodeo.

And if they try to go elsewhere, the site's buttons don't work properly. A terse message appears as soon as you click on any of these buttons, reading, "Feature Disabled for this Session."

So users then register on the market, input their profile information and browse through the background of vendors, as they would with any other market.

They can then place orders and make Bitcoin transfers as with the legitimate Tor browser. Up to this point, it appears to the user like a normal operation.

The average user might not think to be concerned with such a response; that is, until they find their orders may never be delivered.

Attracting Customers Through YouTube Tutorials

It was also discovered that the agency operating this scam is actually inviting customers to watch a YouTube video on how to log into the Rodeo browser.

As such, unsuspecting watchers are led to believe that they will actually be using the Tor browser.

The changes they see are being done to facilitate their dark net transactions. If someone is new to the trade, there would be a high likelihood they might fall for this scam.

It is based on all these factors that the investigative reports must be shared in public to warn dark net users that if they make any payments or transactions through this fake platform, there is every possibility that their money is as good as gone.
