Be careful: the Tor Browser installer you download could be malware


Criminals have been caught distributing fake Tor browsers designed to steal cryptocurrency, and have been quite successful so far, raking in around €400,000 in various tokens from unsuspecting victims, tech experts have warned.

Kaspersky cybersecurity researchers warn users to be careful with Tor Browser installers from third-party stores.

They discovered such an executable inside a password-protected RAR file that, once extracted and installed, monitors the Windows clipboard for cryptocurrency wallet addresses. If it detects one, it replaces it with an address controlled by the attacker.

Complicated addresses

When someone tries to send funds from one address to another, they usually copy and paste the recipient's address because it's a long string of seemingly random characters that is nearly impossible to memorize.

If the malware replaces the copied address with another, the victim may not see the difference and simply send the funds to the wrong address.
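
The swap described above leaves a recognisable trace in clipboard telemetry: an address-shaped value replaced moments later by a different address of the same currency. The Python below is an added example, not code from Kaspersky or the original article; the snapshot format, the two-second window and the sample addresses are assumptions constructed for illustration, and the patterns check address shape only, not checksums.

```python
import re

# Shape-only patterns for the four currencies the article names.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "litecoin": re.compile(r"^(?:[LM][1-9A-HJ-NP-Za-km-z]{26,33}|ltc1[02-9ac-hj-np-z]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "dogecoin": re.compile(r"^D[1-9A-HJ-NP-Za-km-z]{33}$"),
}

def address_kind(text):
    """Return the currency whose address shape the text matches, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(events, window=2.0):
    """Flag clipboard snapshots where an address is replaced by a different
    address of the same currency within `window` seconds.

    events: time-ordered list of (timestamp_seconds, clipboard_text).
    The window is an assumed heuristic: a person rarely copies two different
    addresses of the same currency within a couple of seconds.
    """
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        kind = address_kind(old)
        if (kind and kind == address_kind(new)
                and old.strip() != new.strip() and t1 - t0 <= window):
            alerts.append({"time": t1, "kind": kind,
                           "copied": old.strip(), "replaced_by": new.strip()})
    return alerts

# Constructed sample snapshots; the addresses are placeholders, not real wallets.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a" * 40),   # user copies a recipient address
    (10.3, "0x" + "b" * 40),   # replaced 0.3 s later: flagged
    (60.0, "1" + "A" * 33),    # user copies a Bitcoin-shaped address
    (300.0, "1" + "B" * 33),   # different address minutes later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```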

The method actually works quite well, as these attackers stole about $400 from around 000 users this year alone. Most of the stolen money is in Bitcoin (€16), Litecoin (€000), Ethereum (€380) and Dogecoin (€000). Due to the design of the malware, the researchers cannot be absolutely sure of the amount of money stolen and believe that the final figure is likely to be even higher.

Although the victims are spread across the world (52 countries), the majority reside in Russia, followed by Ukraine and the United States. The researchers believe that Russians were the main targets because Tor was first banned and then censored in the country. This led Russian users to look for alternative places to download the well-known browser.

"The Tor Project called for helping Russian users stay connected to Tor to bypass censorship," said Vitaly Kamluk, head of Kaspersky's global research and analysis team for APAC. "Malware authors have heard the call and responded by bundling Tor Browser with Trojans and distributing them to Russian-speaking users."

Via: The Register