Fake Tor Browser Aims to Steal Darknet Users’ Bitcoin Balances

Internet criminals are getting a lot better at tricking users into giving them money. They even target darknet users, who are less likely to complain to local law enforcement since they are often engaged in illegal activity in the first place. A new fake Tor browser lures victims to alleged darknet marketplaces. This has become a very real problem, especially now that AlphaBay is out of commission.

Scamming Darknet Users is a New Trend

On paper, it makes perfect sense for criminals to target people who are engaged in nefarious activities and attempt to take their money. The better this activity can be masked, the better their chances of successfully obtaining both money and potentially personal information. This latest effort to scam darknet users involves a fake Tor browser.

There is a malicious app making the rounds. The program in question is a slightly modified Tor browser, which is mainly designed to scam people browsing the darknet for illegal products. How the program is obtained is intriguing, as it is only distributed through a YouTube video that explains to less tech-savvy users how to purchase items from “The Rodeo,” an alleged darknet marketplace.

Since the people interested in exploring this marketplace need to download the Rodeo browser, there will be some viewers falling for these kinds of tactics. However, the Rodeo browser is a UI shell and does not even mimic Tor. It may look similar, but there is a massive difference between the two. The Rodeo Browser is coded in .NET and none of its UI buttons seem to work.

One feature that does work is accessing the so-called Rodeo marketplace itself. The fake browser claims to connect to an onion address, although that is not exactly what happens. Instead, it establishes an FTP connection to retrieve the content that serves as the darknet marketplace. The content displayed through the browser is fake: it is all carefully prepackaged information meant to trick users into believing they are browsing a darknet platform.

The main objective of this platform is to make people place orders, have them pay in Bitcoin, and never ship them any goods. It is an elaborate scheme to steal people’s money, but it is also quite an effective way of making a lot of money quickly. It is unclear how much money has been stolen so far, yet security researchers discovered at least three different Bitcoin addresses being used. Additionally, around 135 users are registered on the platform so far. Some of those accounts are likely fake.

An elaborate project like the Rodeo Browser does not come along all that often. It makes a lot of sense to issue a custom browser to trick users into believing they are actually visiting a darknet marketplace. Most people are well aware that the regular Tor browser provides access to virtually any darknet platform one can think of right now. Proprietary browsers for individual platforms are almost always part of a bigger scam effort.