Claiming to be an entryway to the dark web marketplace, a fake browser lures user into registering on a website and steals their money. Rodeo, an imitation of a Tor browser has been discovered to scam people into believing they are entering a marketplace for all things illegal.
The marketplace is called the Rodeo Marketplace, and on it, you can apparently find everything from unlocked phones, drugs, and similar illegal products.
Fortunately, or unfortunately, depending on the way you look at it, research has shown that the entire setup is fake.
Lawrence Abrams, a worker at BleepingComputer started an investigation which lead him to find that the way the fake website has been distributed is through YouTube tutorials in which a detailed explanation of how to download the browser and gain access to the fake marketplace has been found.
What the tutorials claim is that the browser is simply a Tor Browsers that’s been upgraded to send you directly to the dark web marketplace.
This is, however, untrue. The browser simply imitates the UI of the Tor Browser, while being coded in .NET. None of the functions in the browser work.
The Settings menu, however, is clickable and gives users the option to go onto the marketplace. This action sends them to a .onion website, which is also fake. Further research showed that the entire website’s content is from a remote FTP server.
The entire catch is in the fact that once people get onto the fake website, they are being asked to make an account in order to be able to buy products. The “bought” products never get delivered, instead of serving only to further fool users.
The only way to make a purchase on the marketplace is by paying in bitcoins, and although they are told they’re safe because the information is encrypted by PGP keys, this is, again, untrue.
The website creates a folder for each user, and by this time, 138 people have made accounts on the fake market. Three users have been identified by now due to their bitcoin addresses.
The website simply redirects all the traffic to the FTP server and every users’ every action is delivered to the attacker or whoever is managing the website.