Popular banking malware Vawtrak, which steals a victim’s banking credentials, is now using the Tor anonymizing network in an attempt to stay hidden.
Researchers at Fortinet say the malware, also known as Neverquest, is using Tor2Web, which allows users without a Tor client to access Tor hidden services.
Through Tor2Web, the malware is able to stay in contact with its command-and-control servers that allow it to function. Normally, it’s a fairly straightforward bit of code that points to these servers. The latest evolution of Vawtrak sends the data through Tor2Web to hidden services.
“For malware such as Vawtrak, using Tor2Web makes it much more challenging to shut down its servers hidden in the Dark Web,” researcher Raul Alvarez wrote. “The command-and-control servers hidden on the Tor network are harder to track down than those just lying in somebody’s basement. If you know where to look, though, tracking and hunting these servers is hard, but possible.”
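A defender-side sketch of that hunting, added here as an example (not code from Fortinet or from this article): it flags DNS queries shaped like `<onion address>.onion.<gateway domain>`, assuming the gateway appends its own domain after `.onion`, which is how a host without a Tor client would reach a hidden service through a Tor2Web-style gateway. The log format, the `gateway.example` domain and the sample addresses are constructed for illustration.

```python
import re

# Onion addresses are base32 (a-z, 2-7): 16 chars for v2, 56 chars for v3.
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")

def tor2web_onion(hostname):
    """Return the hidden-service address if hostname has the shape
    <addr>.onion.<gateway domain>, otherwise None."""
    labels = hostname.lower().rstrip(".").split(".")
    # 'onion' must be followed by at least one more label; a name that
    # ends in .onion is a direct Tor lookup, not a gateway request.
    for i in range(1, len(labels) - 1):
        if labels[i] == "onion" and ONION_LABEL.match(labels[i - 1]):
            return labels[i - 1] + ".onion"
    return None

def hunt(log_lines):
    """Return (client_ip, queried_host, onion_addr) for each matching query.
    Assumed log format: '<timestamp> <client_ip> <qtype> <hostname>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        _, client, _, host = parts
        onion = tor2web_onion(host)
        if onion:
            hits.append((client, host, onion))
    return hits

# Constructed sample DNS log; none of these values come from a real incident.
SAMPLE_LOG = [
    "2015-06-01T10:00:01Z 10.0.0.5 A www.example.com",
    "2015-06-01T10:00:02Z 10.0.0.7 A abcdefghij234567.onion.gateway.example",
    "2015-06-01T10:00:03Z 10.0.0.7 A abcdefghij234567.onion",
    "2015-06-01T10:00:04Z 10.0.0.9 A onions.recipes.example",
]

if __name__ == "__main__":
    for client, host, onion in hunt(SAMPLE_LOG):
        print(f"{client} queried {host} (hidden service {onion})")
```

A hit identifies the internal host making the request and the hidden service it asked for, which is the starting point for isolating the machine and blocking the gateway domain at the resolver or proxy.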
Vawtrak is far from the first malware to make use of the anonymity network. Most famously, in 2013, a botnet boasting millions of enslaved computers appeared on Tor.
Although Tor is perhaps most famous in the media for the criminals who use it, its users include police, military, businesses, and normal privacy-savvy users. Activists around the world use it to circumvent censorship in countries like China and Iran.
That’s the paradox of anonymity: Either anyone can use it or no one can, so both good and bad actors appear. It’s important to keep all facets of Tor in mind when you consider something like Vawtrak.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016.