ESET discovered a trojanized version of the Tor browser with built-in malicious scripts to monitor users and steal cryptocurrencies.
Researchers say the fake product was designed for Russian-speaking darknet users and has been distributed through two websites and thematic forums since 2014. It tracked the actions of users and, when they sent bitcoins, replaced the specified recipient address with a hacker wallet.
According to ESET, 4.8 BTC has been stolen since 2017, which at the current rate is about $38 thousand. All funds were distributed among three hacker wallets. The last incoming transaction took place in September this year.
When a visitor opens one of these sites, a message pops up saying that the visitor is using an outdated version of Tor and asking them to download a newer one, which is supplemented by malware. Upon confirmation, the visitor was redirected to another site with the installer.
After download and installation, the browser allowed its creators to monitor user actions, change data on visited pages and copy information entered into forms.
ESET reports that, in addition to bitcoins, the fake Tor stole money in the same way during transfers to QIWI.
Recently, Kaspersky Lab also discovered that some malicious programs for hidden mining are disguised as rare textbooks or finished work, or come bundled with them.