Trojanized Tor Browser has been stealing users' bitcoins for years

Hackers are distributing a compromised version of the official Tor Browser that contains malicious tools used both to spy on users and to steal their bitcoins.

Discovered by researchers at ESET, an information security company, the trojanized Tor Browser appears to have resulted in the loss of a relatively small number of bitcoins to date, with the funds obtained by swapping wallet addresses when users try to pay on darknet markets.

In a statement, ESET senior researcher Anton Cherepanov said the study identified three bitcoin wallets used by hackers since 2017, clarifying:

"Each such wallet contains a relatively large number of small transactions; we consider this to be confirmation that these wallets were indeed used by a Tor Browser infected with a Trojan."

At the time of the study, the three wallets had received 4.8 bitcoins (worth $38,700 at the time of publication), although ESET said that the actual amount stolen is higher, since wallets for the Russian payment service QIWI are also targets of these attacks.

The hacking campaign targeted Russian-speaking users of Tor, a network designed to hide personal data in order to avoid tracking and surveillance.

The cybercriminals behind the fake Tor Browser use forums to present their offering as the official Russian-language version of the application. "Their goal was to lure language-oriented targets to a couple of malicious but legitimate-looking sites," ESET writes.

On the first website, the user receives a warning that their Tor Browser is out of date, even if that is not true. Visitors who are fooled by the message are then redirected to a second website with a fake app installer.

Once installed, the malicious browser lets its creators see which websites the user is visiting, modify the data on the pages visited, and capture the contents of data forms. According to Cherepanov, "while hackers can potentially display false information to users, the browser only changes wallet addresses in order to steal bitcoins."
