Watch out - that Tor browser install could just be malware

Researchers spot fake Tor browsers infecting computers with crypto-stealing malware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Criminals have been discovered distributing fake Torbrowsersthat are designed to steal cryptocurrency, and so far, have been quite successful, raking in roughly $400,000 in various tokens from unsuspecting victims, experts have warned

Cybersecurity researchers from Kaspersky are warning users to watch out forTorbrowser installers from third-party stores.

They’ve spotted one such executable sitting in a password-protected RAR archive which, when extracted and installed, monitors the Windows clipboard for cryptocurrency wallets. If it spots one, it will replace it with one controlled by the attacker.

Complicated addresses

When a person tries to send funds from one address to another, they would usually copy and paste the recipient’s address, as these are a long string of seemingly random characters which are almost impossible to remember.

If themalwarereplaces the copied address with a different one, chances are the victim won’t see the difference and will just send the funds to the wrong address.

The method actually works quite well, as these attackers stole some $400,000 from roughly 16,000 users, just this year. Most of the stolen cash is in Bitcoin ($380,000), Litecoin ($10,000), Ethereum ($4,800), and Dogecoin ($517). Due to the way the malware is designed, the researchers can’t be absolutely certain about the amount of money stolen, and speculate that the final figure is probably even bigger.

Nearly $200m in crypto stolen in Euler Finance attack>North Korean APT43 hackers target organizations to launder crypto using cloud>Keep your business safe with the best endpoint protection for small business

While the victims are scattered all over the world (52 countries) the bulk of them reside in Russia, followed by Ukraine, and the US. The researchers believe Russians were the biggest targets as Tor was first banned, and later censored, in the country. That made Russians look for alternative places to grab the famed browser from.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The Tor Project called to help keep Russian users connected to Tor to circumvent censorship,” said Vitaly Kamluk, head of Kaspersky’s Global Research and Analysis Team for APAC. “Malware authors heard the call and responded by creating trojanized Tor browser bundles and distributing them among Russian-speaking users.”

Via:The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Google TV will require more RAM for future upgrades – which might leave older TVs and streaming boxes behind