The Tor anonymisation network is being used to hide 900 botnet and cybercrime-related hidden services, according to Kaspersky Lab.
Kaspersky security researchers report that the Tor network is playing host to the ChewBacca point-of-sale keylogger and the ZeuS banking malware control infrastructure, as well as the first Tor Trojan for Android.
Many Tor network resources are command-and-control servers, admin panels and other malware-related resources. “Carding” forums are also flourishing on the darknet.
Using darknet resources offers various advantages to cybercriminals, who are increasingly moving towards the technology, according to Kaspersky Lab.
“Hosting C&C servers in Tor makes them harder to identify, blacklist or eliminate," explained Sergey Lozhkin, a senior security researcher at Kaspersky Lab, "although creating a Tor communication module within a malware sample means extra work for the malware developers.”
Lozhkin added: “We expect there will be a rise in new Tor-based malware, as well as Tor support for existing malware.”
It's difficult, if not impossible, to identify the user’s IP address in Tor, which offers a cloak of anonymity that can be used by anyone from human rights activists to cybercrooks. Moreover, this darknet resource utilises so-called pseudo-domains which frustrate efforts to identify the resource owner’s personal information. ®