Antivirus software supplier ESET has issued a warning about a trojanized Tor Browser that criminals use to exploit people and steal their Bitcoin.
Using a modified (infected) version of the official Tor Browser package, the criminals steal bitcoins from darknet market buyers.
According to ESET, the cybercriminals have gotten access to more than $40,000 in Bitcoin.
The infected Tor Browser has been spread through two websites claiming to distribute the official Russian-language version of the browser. When the first website (torproect.org) is opened, visitors are shown a message saying that their version of Tor is outdated.
“Your anonymity is in danger!
WARNING: Your Tor Browser is outdated
Click the button ‘Update’”
An unsuspecting visitor who clicks to update is immediately redirected to another website (tor-browser.org), where the infected Tor Browser can be downloaded.
ESET reports that the website offers only a Windows version.
The two websites were created in 2014, with the first one appearing exactly like the official torproject.org website.
To keep stealing from their victims, the criminals deactivated the function that allows users to update their Tor Browser to the latest version, since an update would render the attackers' efforts useless.
Because of the extensive modifications made to the infected Tor Browser, the cybercriminals can modify any add-on and the browser will load it without raising any issue about it failing its digital signature check.
ESET reports that the payloads have only been seen targeting Russian darknet markets.
According to the antivirus supplier, three bitcoin wallets containing several transactions were identified and have been in use since 2017.
The three wallets reportedly contain a total of 4.8 bitcoin, which is worth about $40,000. However, ESET warned that the amount of stolen funds could be higher, as the criminals also targeted QIWI wallets.