
Kaspersky Report on Less Common Primary Infection Vectors

Updated on 2022-10-06

Researchers from Kaspersky recently looked into less commonly used infection vectors in malware campaigns. The methods include infection through malicious torrents (CLoader), infection through a fake Tor Browser installer (OnionPoison), and a backdoored, signed copy of a benign tool (AdvancedIPSpyware).


  • A posture of only allowing connections to approved services and protocols goes a long way toward mitigating this type of risk. In a zero-trust world this protection moves to the endpoint, but you still need centralized control and visibility, so implement similar controls at your perimeter for devices that lack the capacity to enforce them locally. Yes, this requires the ability to dynamically update that rule set (so you need a good threat feed). Consider a default-deny posture, since it is likely to have fewer approved services go bad and need blocking.

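The allow-list posture described above, as an added example that is not code from the page or from Kaspersky: a small default-deny egress policy evaluator in Python. It assumes a hypothetical approved-service list of (host or CIDR, port, protocol) entries and a threat feed of indicators that can be refreshed at runtime; the feed is checked first, so an approved service that "goes bad" is blocked as soon as the feed is updated. All hosts, addresses and feed entries are constructed sample values.

```python
"""Default-deny egress policy with a refreshable threat feed (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Iterable


@dataclass(frozen=True)
class Service:
    """An approved destination: hostname or CIDR, port and protocol."""
    host: str
    port: int
    proto: str


@dataclass
class EgressPolicy:
    allowed: set = field(default_factory=set)        # approved services
    blocked_hosts: set = field(default_factory=set)  # hostnames from the threat feed
    blocked_nets: list = field(default_factory=list) # IP networks from the threat feed

    def allow(self, host: str, port: int, proto: str) -> None:
        self.allowed.add(Service(host.lower(), port, proto.lower()))

    def refresh_feed(self, indicators: Iterable[str]) -> None:
        """Replace the feed-derived block set; entries that parse as IP/CIDR become
        networks, everything else is treated as a hostname. '#' lines are comments."""
        hosts, nets = set(), []
        for ind in indicators:
            ind = ind.strip()
            if not ind or ind.startswith("#"):
                continue
            try:
                nets.append(ip_network(ind, strict=False))
            except ValueError:
                hosts.add(ind.lower())
        self.blocked_hosts, self.blocked_nets = hosts, nets

    def evaluate(self, dest: str, port: int, proto: str) -> tuple:
        """Return (decision, reason). Feed check first, then allow-list, else deny."""
        dest, proto = dest.lower(), proto.lower()
        try:
            addr = ip_address(dest)
        except ValueError:
            addr = None  # destination is a hostname
        # 1. Threat feed wins over the allow-list: a formerly approved service
        #    that now appears in the feed is blocked on the next refresh.
        if dest in self.blocked_hosts:
            return ("deny", "threat-feed")
        if addr is not None and any(addr in net for net in self.blocked_nets):
            return ("deny", "threat-feed")
        # 2. Explicitly approved service and protocol.
        for svc in self.allowed:
            if svc.port != port or svc.proto != proto:
                continue
            if svc.host == dest:
                return ("allow", "approved-service")
            if addr is not None:
                try:
                    if addr in ip_network(svc.host, strict=False):
                        return ("allow", "approved-service")
                except ValueError:
                    pass  # svc.host is a hostname, not a CIDR
        # 3. Default deny for anything not explicitly approved.
        return ("deny", "default")


def build_demo_policy() -> EgressPolicy:
    """Constructed sample policy: two approved services plus a constructed feed."""
    policy = EgressPolicy()
    policy.allow("update.example.internal", 443, "tcp")
    policy.allow("mirror.example", 443, "tcp")   # approved, but later listed in the feed
    policy.allow("10.0.0.0/8", 53, "udp")
    policy.refresh_feed(["# constructed threat feed", "203.0.113.0/24", "mirror.example"])
    return policy


if __name__ == "__main__":
    p = build_demo_policy()
    for attempt in [("update.example.internal", 443, "tcp"), ("10.1.2.3", 53, "udp"),
                    ("198.51.100.7", 6881, "tcp"), ("mirror.example", 443, "tcp"),
                    ("203.0.113.9", 443, "tcp")]:
        print(attempt, "->", p.evaluate(*attempt))
```

Because the feed is consulted before the allow-list, pulling a new feed is enough to cut off an approved destination that has turned malicious, which is the "dynamically update that rule set" requirement; clearing the feed (refreshing with no indicators) restores the original allow-list decision.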

Updated on 2022-10-05

A well-known Chinese-language YouTube channel was found propagating a trojanized version of the Windows installer for Tor Browser. Dubbed OnionPoison, the campaign has been going on since at least March. Read more: OnionPoison: infected Tor Browser installer distributed through popular YouTube channel

Overview: OnionPoison

Kaspersky researchers said they identified a campaign that distributed spyware-laced versions of Tor Browser via a popular Chinese YouTube channel. Named OnionPoison, the spyware collected data such as browsing history, social networking account IDs and Wi-Fi network identifiers, but did not bother to collect more sensitive information such as user passwords, cookies, or wallet information. Read more: OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
