A fake browser called Rodeo that imitates the Tor browser has been discovered luring users to create their accounts on the website which is essentially present in the dark web. The fake website is a marketplace for all kinds of illegal products stealing money from users.

The Rodeo

The website offers access to a dark web marketplace called the Rodeo Marketplace. It apparently offers everything from drugs to unlocked phones and other types of illegal merchandise.

However, research shows that the entire setup is a scam and the website is not actually what it claims to be.

YouTube Tutorials

An investigation conducted by Lawrence Abrams discovered of BleepingComputer revealed that the website is being distributed through YouTube tutorials which explain to non-technical users how to download the Rodeo browser in order to access the Rodeo marketplace.

In the tutorials, it is indicated that the Rodeo browser is essentially a Tor Browser which is tweaked exclusively to allow access to the dark web marketplace.

What is Rodeo?

Although it is purported to be a Tor browser, it is, however, nothing like that and simply imitates the UI of the Tor browser. The entire browser is coded in .NET and all the buttons in the browser do not work.

Only the Settings menu allow the users to click and choose the option to load the marketplace. Once clicked, the users are redirected to a .onion website, which is again not real.

In fact, research showed that all the content on the website is downloaded from a remote FTP server and nothing that appears on the screen is real.

What’s the scam?

Once the marketplace is loaded, users are asked to create an account in order to make purchases. However, the orders placed are simply meant to fool the users as the products do not get delivered.

Nevertheless, the users have to pay in bitcoins to make a purchase. Furthermore, it was revealed that contrary to the claim that the site makes which says the information is encrypted by PGP keys, in reality, there is no such encryption.

Folders for each user

Abrams reported for every user, the website creates a folder, and according to their report, around 138 customers have accounts on the website. The bitcoin addresses of three users have been identified up till now.

The website simply redirects all the traffic to the FTP server and hence everything the user does is sent to the attacker or whoever is operating the site.

Source and Images: BleepingComputer