Antivirus company ESET warns of a malicious version of the Tor browser that has apparently been stealing bitcoins (BTC) on the darknet since 2017.
The Slovak company reports that the fake version was distributed through two websites and disguised as the official Russian version of the Tor browser.
Imitating the real Tor website, torproject.org, the fake sites prompt users to upgrade their browser to the “latest version,” after which they download malware onto their device.
The malware changes key settings, collects the user's personal data, monitors the user's actions and disables digital signature checking, which allows the attackers to replace the user's payment data with the hackers' own crypto addresses.
ESET representatives say that the malware currently only runs on Windows, and so far there have been no complaints from users of Linux, macOS or mobile devices.
The company has identified three wallets involved in the fraud. Today, their total balance is 4.8 BTC ($39,000), and the last transaction took place last month. However, the amount of stolen crypto assets may be much higher.