Unknown attackers are distributing a version of the Tor Browser containing malicious code on the Internet. The program is positioned as the official Russian version of Tor.
Links to the installation file were posted on various forums and on the sites pastebin.com, tor-browser.org and torproect.org. At the moment, researchers have found an installer for Windows only, so devices running macOS and Linux were not susceptible to the attack.
After installation, Tor works as usual; however, the hackers changed settings and extensions to disable automatic updates. The attackers also modified the standard User-Agent to track the user's IP. In addition, a script was built into the HTTPS Everywhere add-on that is loaded whenever a page is opened and sends data on the user's actions to the criminals' server. To do this, the fraudsters disabled the xpinstall.signatures.required option, which checks the digital signatures of the software in order to protect information and anonymity.
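A defender can check a browser profile for the changes described above. The following is an added example, not code from the article or from the researchers: it parses the text of a profile's prefs.js and flags a disabled `xpinstall.signatures.required`, disabled update settings and a User-Agent override. Only `xpinstall.signatures.required` is named in the article; the update and User-Agent preference names are standard Firefox preferences chosen here as an assumption, and the sample profile is constructed.

```python
import re

# Matches one preference line of the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Preferences that weaken protection when set to the listed value.
# Only xpinstall.signatures.required comes from the article; the update
# preferences are real Firefox prefs picked for this example (assumption).
RISKY_VALUES = {
    "xpinstall.signatures.required": "false",
    "app.update.auto": "false",
    "app.update.enabled": "false",
    "extensions.update.enabled": "false",
}
# Preferences worth reviewing whenever they are present at all (assumption).
PRESENCE_FLAGS = {"general.useragent.override"}

def parse_prefs(text):
    """Return {name: raw_value} for every preference line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = match.group(2)
    return prefs

def audit_prefs(text):
    """Return a list of (name, value, reason) for suspicious preferences."""
    findings = []
    for name, value in parse_prefs(text).items():
        if RISKY_VALUES.get(name) == value:
            findings.append((name, value, "protection disabled"))
        elif name in PRESENCE_FLAGS:
            findings.append((name, value, "override present, review value"))
    return findings

# Constructed sample profile content, not taken from a real sample.
SAMPLE = '''// Mozilla User Preferences
user_pref("app.update.auto", false);
user_pref("browser.startup.homepage", "about:tor");
user_pref("general.useragent.override", "EXAMPLE-UA/0.0 (constructed; value)");
user_pref("xpinstall.signatures.required", false);
user_pref("extensions.update.enabled", true);
'''

if __name__ == "__main__":
    for name, value, reason in audit_prefs(SAMPLE):
        print(f"{name} = {value}: {reason}")
```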
Experts cannot determine the exact number of malware downloads; however, it became known that the Tor page with the Trojan on PasteBin was visited at least 500,000 times. The known hacker wallets hold 4.8 BTC (almost $40,000). ESET antivirus developers suggest that the amount of damage is much higher when the money held in QIWI accounts is taken into account. The scheme devised by the project's authors can be called an ideal crime, since the victims do not turn to law enforcement agencies, because they themselves violated the law by purchasing illegal goods on the dark.