A Trojan version of the anonymous Tor browser targeting Russian-speaking users to steal bitcoins onDarknet markets, ESET, an antivirus software company, discovered.
Hackers distribute fake browser throughtwo resources: tor-browser.org and torproect.org, which have existed since 2017. Both mimic the real site of the Tor project, offering to update the browser. Pages are promoted in Russian-language forums.
Screenshot of tor-browser.org page
Attackers used the original Tor code almost unchanged, disabling only updates and some extensions. Therefore, the victims do not notice that they installed fake software.
A fake anonymous browser replaces bitcoin addresses when a user tries to replenish an account.
ESET specialists discovered three cryptocurrencyWallet allegedly associated with fake Tor. The transaction amounts since 2017 on them are relatively small - only 4.8 BTC (about $ 38 thousand at the current rate). But the loss of victims of hackers can be much greater, because the browser also replaces QIWI wallets.
Recall that in a recent report, Europol stated that bitcoin is still the preferred cryptocurrency for cybercriminals.
Read this:
The fake Tor browser has been stealing bitcoins and user data for years
Bithumb has prepared a special offer for foreign users
Trend Micro discovered a new hidden miner virus for Linux
Barclays no longer supports Coinbase user accounts
Lithuanians can exchange bitcoins in stores
About fraudulent schemes targeting Huobi, MyEtherWallet, and Blockchain.info users