ESET experts said hackers are distributing a fake, malware-laden version of the Tor browser that tracks user actions and steals their bitcoins.
According to ESET’s IT security specialists, hackers post an installation file for the modified browser on various forums and sites, presenting the program as the official Russian version of the Tor browser.
“Fraudsters are aiming specifically at the Russian-speaking audience who make transactions on illegal sites,” computer security experts emphasized.
After installation, the browser works in normal mode. However, changes to the settings and special extensions disable automatic updates and allow the attackers to monitor the sites users visit, collect their personal data, and change information about the pages viewed.
For example, by disabling the option to verify digital signatures, which ensures confidentiality and anonymity, the hackers change payment data while users see only the previous information.
In addition, the researchers found several cryptocurrency wallets that may be related to the fake browser version. However, no major transactions were carried out with them, and the total amount of funds in these wallets does not exceed 4.8 BTC (about $39,000). ESET suggests that the amount of stolen funds could be much larger, given that QIWI wallets are also at risk.
Recall that, according to Europol, scammers most often use ransomware viruses to gain access to users' financial information. Cybercriminals can also exploit any vulnerabilities in outdated software versions.