ESET, an anti-virus software company, has discovered a trojanized version of the anonymous Tor browser that targets Russian-speaking users in order to steal bitcoins on darknet markets.
The attackers distribute the fake browser through two sites, tor-browser.org and torproect.org, which have existed since 2017. Both mimic the real Tor Project site and offer to update the browser. The pages are promoted on Russian-language forums.
Screenshot of tor-browser.org page
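Both distribution domains follow common lookalike patterns: one is a near-miss spelling of the real domain, the other combines the brand name with another word. The check below is an added example, not code from ESET's report; it compares a download host against the official torproject.org, and the `BRAND_TOKENS` set, the distance threshold of 2 and the "last two labels" shortcut are assumptions made for illustration.

```python
import re

OFFICIAL = "torproject.org"  # the Tor Project's real domain
BRAND_TOKENS = {"tor", "torproject", "torbrowser"}  # assumed brand keywords


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a download host."""
    host = host.lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    labels = host.split(".")
    # Simplification: treat the last two labels as the registrable domain
    # (a production check would consult the public-suffix list).
    registrable = ".".join(labels[-2:])
    name = labels[-2] if len(labels) >= 2 else labels[0]
    # Case 1: near-miss spelling of the official domain (torproect.org).
    if edit_distance(registrable, OFFICIAL) <= 2:
        return "lookalike"
    # Case 2: brand word combined with other words (tor-browser.org).
    if set(re.split(r"[-_0-9]+", name)) & BRAND_TOKENS:
        return "lookalike"
    # Case 3: official domain used as a subdomain prefix of another site.
    if OFFICIAL in host:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for h in ("www.torproject.org", "torproect.org", "tor-browser.org",
              "torproject.org.example.com", "example.com"):
        print(f"{h:30} {classify(h)}")
```
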
The attackers used the original Tor code almost unchanged, disabling only updates and some extensions. As a result, victims do not notice that they have installed fake software.
The fake browser replaces bitcoin addresses when a user tries to top up an account.
ESET experts discovered three cryptocurrency wallets allegedly associated with the fake Tor. The amount transacted through them since 2017 is relatively small: only 4.8 BTC (about $38 thousand at the current rate). But the victims' losses may be much greater, because the browser also replaces QIWI wallets.
Recall that in a recent report, Europol stated that bitcoin is still the preferred cryptocurrency for cybercriminals.
BlockchainJournal.news