September 26, 2022

ESET discovered a fake Tor browser stealing user bitcoins

ESET, an antivirus software company, has discovered a trojanized version of the anonymous Tor browser that targets Russian-speaking users in order to steal bitcoins on darknet markets.

Hackers distribute the fake browser through two resources, which have existed since 2017. Both mimic the real site of the Tor Project, offering to update the browser. The pages are promoted on Russian-language forums.

Screenshot of page

Attackers used the original Tor code almost unchanged, disabling only updates and some extensions. Therefore, the victims do not notice that they installed fake software.

The fake browser replaces bitcoin addresses when a user tries to replenish an account.

ESET specialists discovered three cryptocurrency wallets allegedly associated with the fake Tor browser. The transaction amounts on them since 2017 are relatively small: only 4.8 BTC (about $38 thousand at the current rate). But the victims' losses may be much greater, because the browser also replaces QIWI wallets.

Recall that in a recent report, Europol stated that bitcoin is still the preferred cryptocurrency for cybercriminals.