For Years a Fake Tor Browser has been Spying and Stealing Bitcoin

Global Exchange - Hackers published a fake edition of the official Tor Browser, loaded with malicious tools to spy on users and steal their bitcoin.

Uncovered by IT security researchers at ESET, the trojanized Tor Browser appears to have taken very little bitcoin to date, with funds intercepted by changing the wallet addresses when users attempt to pay in darknet markets.

ESET’s lead malware researcher, Anton Cherepanov, said in an emailed statement to a media source on Friday that their research discovered three bitcoin wallets that have been in use by the perpetrators since 2017.

Cherepanov further stated that every discovered wallet contained a huge cache of small transactions; he also mentioned that this discovery confirmed that these wallets were used by the trojanized Tor Browser.

By the time the research was completed, the three wallets had accumulated 4.8 bitcoin, worth $38,700. Additionally, ESET stated that the actual stolen amount might be much higher, as wallets on the Russian payments service QIWI were also being targeted by the same hackers.

The malware campaign has targeted Russian-speaking users of Tor, a network designed to keep identities untracked, allowing its users to escape enforcement and detection.

The hackers used forums and pastebin.com to spread the trojanized browser, distributing it as the official Russian-language version of the application.

According to ESET:

“Their goal was to lure language-specific targets to a pair of malicious – yet legitimate-looking – websites.”

The first website warns users that their Tor Browser is outdated, even though that is not true. Users who fall for the trap are directed to a second website, where they are prompted to download and install the fake app.

Cherepanov claims that once the malware-loaded app is running, it lets its developers learn which websites the victims visit and obtain the content of those pages. Although the hackers could show false information to users, they only modify the wallet addresses to steal bitcoin.
