ESET, an antivirus software company, has discovered a trojanized version of the anonymous Tor browser that targets Russian-speaking users in order to steal bitcoins on darknet markets.
Hackers distribute the fake browser through two resources, tor-browser.org and torproect.org, which have existed since 2017. Both mimic the real site of the Tor project and offer to update the browser. The pages are promoted on Russian-language forums.
Screenshot of tor-browser.org page
The attackers used the original Tor code almost unchanged, disabling only updates and some extensions. As a result, victims do not notice that they have installed fake software.
The fake browser replaces bitcoin addresses when a user tries to top up an account.
ESET specialists discovered three cryptocurrency wallets allegedly associated with the fake Tor browser. The transactions on them since 2017 total a relatively small amount, only 4.8 BTC (about $38 thousand at the current rate). But the victims' losses may be much greater, because the browser also replaces QIWI wallets.
Recall that in a recent report, Europol stated that bitcoin is still the preferred cryptocurrency for cybercriminals.