December 2, 2020

ESET discovered a fake Tor browser stealing user bitcoins

ESET, an antivirus software company, has discovered a trojanized version of the anonymous Tor browser that targets Russian-speaking users in order to steal bitcoins on darknet markets.

The hackers distribute the fake browser through two sites, tor-browser.org and torproect.org, which have existed since 2017. Both mimic the real site of the Tor project and offer to update the browser. The pages are promoted on Russian-language forums.


Screenshot of tor-browser.org page

The attackers used the original Tor code almost unchanged, disabling only updates and some extensions. As a result, victims do not notice that they have installed fake software.

The fake browser replaces bitcoin addresses when a user tries to top up an account.

ESET specialists discovered three cryptocurrency wallets allegedly associated with the fake Tor browser. The transactions on them since 2017 amount to relatively little: only 4.8 BTC (about $38 thousand at the current rate). But the victims' losses may be much greater, because the browser also replaces QIWI wallets.

Recall that in a recent report, Europol stated that bitcoin is still the preferred cryptocurrency for cybercriminals.