Researchers from the cybersecurity firm ESET have discovered a fraudulent version of the Tor browser containing a Trojan that steals Bitcoin from darknet users.
The websites targeted Russian users. The fake browser was distributed on two sites, and it has stolen cryptocurrency since 2017 by swapping the original cryptocurrency addresses for the attackers' own, according to ESET's editorial published on October 18. According to the report, the malicious program is distributed to Windows users, and there are no signs that macOS, Linux, or mobile versions have circulated. The operators were able to steal around $40,000 worth of Bitcoin.
The two websites, tor-browser[.]org and torproect[.]org, were created back in 2014 and mimic the real site of the Tor browser, torproject.org. The scammers usually tell the user that their version of Tor is out of date, and when the user clicks to update, they are redirected to a different page to get the update.
“Once installed, the malware-laden browser enables its creators to know what websites a user visits, to change the data on visited pages, and grab the content of data forms. While the hackers could potentially display false information to users, the browser has only been observed to change the wallet addresses to steal bitcoin,” the senior malware researcher of ESET, Anton Cherepanov, said. He further said, “Each such wallet contains relatively large numbers of small transactions; we consider this a confirmation that these wallets indeed were used by the trojanized Tor Browser.” The report also said, “Their goal was to lure language-specific targets to a pair of malicious – yet legitimate-looking – websites.”
The browser, however, has in the meantime informed users about the monetary losses caused by the malware.