Cybersecurity researchers at Kaspersky have identified malicious browser installers spreading via a Youtube video explaining the Darknet. The channel that published the video boasts more than 180,000 subscribers, and has recently been found to be spreading malicious Tor Browser installers. The video in question has more than 64,000 and contains a malicious link leading targets to an infected version of the Tor Browser. The link is located in the description bar of the video, according to Kaspersky.
Researchers have found that the malware has the capability to collect victim data and obtain complete control over their computers. Kaspersky reported that most of the affected users are from China due to the fact that the Tor browser is banned in this country. Therefore, most individuals who seek to visit the dark web resort to downloading the browser from third-party websites. The version spread by the creators of the Youtube channel are delivering a browser that is configured to be less private than the original tool. Therefore, it is likely that these actors are seeking to collect identifying information of the users who download the browser that can be used to link them to their real identities.