The Tor anonymisation network is being used to hide 900 botnet and cybercrime-related hidden services, according to Kaspersky Lab.

Kaspersky security researchers report that the Tor network is playing host to the ChewBacca point-of-sale keylogger and the ZeuS banking malware control infrastructure, as well as the first Tor Trojan for Android.

Many Tor network resources are command-and-control servers, admin panels and other malware-related resources. “Carding” forums are also flourishing on the darknet.

Using darknet resources offers various advantages to cybercriminals, who are increasingly moving towards the technology, according to Kaspersky Lab.

“Hosting C&C servers in Tor makes them harder to identify, blacklist or eliminate," explained Sergey Lozhkin, a senior security researcher at Kaspersky Lab, "although creating a Tor communication module within a malware sample means extra work for the malware developers.”

Lozhkin added: “We expect there will be a rise in new Tor-based malware, as well as Tor support for existing malware.”

It's difficult, if not impossible, to identify the user’s IP address in Tor, which offers a cloak of anonymity that can be used by anyone from human rights activists to cybercrooks. Moreover, this darknet resource utilises so-called pseudo-domains which frustrate efforts to identify the resource owner’s personal information. ®

Related stories

• 'Most advanced mobile botnet EVER' is coming for your OFFICE Androids (19 November 2014)

  https://www.theregister.com/2014/11/19/android_botnet_notcompatible/

• Tor is '90 per cent of the net' claims City of London Police Commish – and he's dead wrong (18 June 2014)

  https://www.theregister.com/2014/06/18/no_commissioner_tor_isnt_90_per_cent_of_the_net/

• Watch a bank-raiding ZeuS bot command post get owned in 60 seconds (6 May 2014)

  https://www.theregister.com/2014/05/06/zeus_pwned_in_60_seconds/

• Heartbleed mega-bug clean up shrinks Tor network by an eighth (17 April 2014)

  https://www.theregister.com/2014/04/17/heartbleed_shrinks_tor_by_an_eighth/

• Kaspersky's Security for Virtualization pushed to XenServer and HyperV (15 April 2014)

  https://www.theregister.com/2014/04/15/kaspersky_pushes_security_for_virtualization_to_xenserver_and_hyperv/

• Feds indict nine for making millions from Zeus malware (14 April 2014)

  https://www.theregister.com/2014/04/14/feds_indict_nine_in_nebraska_for_making_millions_from_zeus_malware/

• Tor Project claims 'fake' Tor Browser sat in iOS App Store for months (21 March 2014)

  https://www.theregister.com/2014/03/21/tor_group_claims_fake_browser_has_sat_in_app_store_for_months/

• IM demo for TOR coming soon (3 March 2014)

  https://www.theregister.com/2014/03/03/im_demo_for_tor_coming_soon/

• ChewBacca point-of-sale keylogger SLURPS your CREDIT CARD data (31 January 2014)

  https://www.theregister.com/2014/01/31/chewbacca_pos_malware/

• Got a TorMail account to avoid Uncle Sam's web snoops? About that... (28 January 2014)

  https://www.theregister.com/2014/01/28/kept_a_secret_tormail_account_to_avoid_government_snoops_about_that/

• Darknet: It's not just for DRUGS. Ninja Banking Trojan uses it too (21 November 2013)

  https://www.theregister.com/2013/11/21/ninja_banking_malware/