Popular banking malware Vawtrak, which steals a victim’s banking credentials, is now using the Tor anonymizing network in an attempt to stay hidden.
Researchers at Fortinet say the malware, also known as Neverquest, is using Tor2Web, which allows users without a Tor client to access Tor hidden services.
Through Tor2Web, the malware is able to stay in contact with its command-and-control servers that allow it to function. Normally, it’s a fairly straightforward bit of code that points to these servers. The latest evolution of Vawtrak sends the data through Tor2Web to hidden services.
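A defender can look for this traffic pattern in web proxy logs. The following is an added example, not code from the article or from Fortinet: it flags clients that request hostnames shaped like an onion address placed under a clearnet domain, which is how Tor2Web-style gateways are addressed. It generalizes beyond any single gateway by matching the shape of the onion label rather than a gateway list; the log format, IP addresses and hostnames are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Onion service names are base32: 16 characters (v2) or 56 characters (v3).
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")

# Constructed sample proxy log: "<timestamp> <client-ip> <method> <url>".
SAMPLE_LOG = """\
2015-06-01T10:02:11Z 10.0.4.17 GET https://www.example.com/index.html
2015-06-01T10:02:15Z 10.0.4.23 POST https://abcdefghij234567.gateway.example/c.php
2015-06-01T10:03:40Z 10.0.4.23 POST https://abcdefghij234567.gateway.example/c.php
2015-06-01T10:05:02Z 10.0.4.31 GET http://abcdefghij234567.onion/
2015-06-01T10:06:19Z 10.0.4.17 GET https://cdn.example.net/app.js
malformed line
"""

def tor2web_style_host(host):
    """Return the onion label if host looks like <onion>.<clearnet domain>."""
    labels = host.lower().rstrip(".").split(".")
    # Need at least <onion>.<domain>.<tld>; a bare .onion name is a direct
    # hidden-service lookup (requires a Tor client), not a gateway request.
    if len(labels) < 3 or labels[-1] == "onion":
        return None
    # Only labels left of the registered domain can carry the onion name.
    for label in labels[:-2]:
        if ONION_LABEL.match(label):
            return label
    return None

def find_tor2web_clients(log_text):
    """Map client IP -> {gateway-style hostname: request count}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, _, url = parts
        host = urlsplit(url).hostname or ""
        if tor2web_style_host(host):
            hits[client][host] += 1
    return {client: dict(hosts) for client, hosts in hits.items()}

if __name__ == "__main__":
    for client, hosts in find_tor2web_clients(SAMPLE_LOG).items():
        print(client, hosts)
```

An ordinary 16-character subdomain made only of letters also matches the pattern, so hits are leads for triage rather than confirmed infections.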
“For malware such as Vawtrak, using Tor2Web makes it much more challenging to shut down its servers hidden in the Dark Web,” researcher Raul Alvarez wrote. “The command-and-control servers hidden on the Tor network are harder to track down than those just lying in somebody’s basement. If you know where to look, though, tracking and hunting these servers is hard, but possible.”
Vawtrak is far from the first malware to make use of the anonymity network. Most famously, in 2013, a botnet boasting millions of enslaved computers appeared on Tor.
Although Tor is perhaps most famous in the media for the criminals that use it, its users include police, military, businesses, and normal privacy-savvy users. Activists around the world use it to circumvent censorship in countries like China and Iran.
That’s the paradox of anonymity: Either anyone can use it or no one can, so both good and bad actors appear. It’s important to keep all facets of Tor in mind when you consider something like Vawtrak.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.