Kaspersky researchers discovered that a trojanized version of a Windows installer for the Tor Browser has been distributed through a popular Chinese-language YouTube channel.
The campaign, named OnionPoison, targeted users located in China, where the Tor Browser website is blocked. Users in China often attempt to download the Tor Browser from third-party websites.
In the OnionPoison campaign, threat actors shared a link to a malicious Tor installer by posting it on a popular Chinese-language YouTube channel that provides information on internet anonymity.
The channel has more than 180,000 subscribers, and according to Kaspersky the video with the malicious link had more than 64,000 views at the time of the discovery. The video was posted in January 2022, and according to Kaspersky’s telemetry, the first victims were compromised in March 2022.