- May 4, 2019
A trojanized version of the Tor Browser is targeting dark web market shoppers to steal their cryptocurrency and track the websites they visit.
More than 860 transactions are registered to three of the attackers' wallets, which received about $40,000 in Bitcoin cryptocurrency.
Careful impersonation
The malicious Tor Browser is actively promoted as the Russian version of the original product through posts on Pastebin that have been optimized to rank high in queries for drugs, cryptocurrency, censorship bypass, and Russian politicians.
Spam messages also help the actor(s) distribute the trojanized variant, which is delivered from two domains claiming to provide the official Russian version of the software.
The cybercriminals chose the two domain names (created in 2014) carefully, since to a Russian user they appear to be the real deal:
- tor-browser[.]org
- torproect[.]org - for Russian-speaking visitors, the missing "j" may be seen as a transliteration from Cyrillic
Furthermore, the design of the pages mimics, to some extent, the official site of the project. Landing on one of these pages shows the visitor a warning that their browser is updated, regardless of the version they run.
Malicious Tor Browser Steals Cryptocurrency from Darknet Market Users
www.bleepingcomputer.com
Serious Dark Web Warning Issued After Tor Browser Users Have Bitcoin Stolen
Researchers are warning a version of the widely-used privacy-focused Tor Browser has been used to spy on users and steal their bitcoin...
www.forbes.com
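The two lookalike domains named in the article can be caught before a download with a simple hostname check. The following is an added example, not code from the article or from the Tor Project: it compares a host against the official torproject.org domain using an edit-distance test and a brand-token test. The token watch list, the distance threshold of 2 and the function names are assumptions chosen for illustration.

```python
OFFICIAL = "torproject.org"                          # the project's real domain
BRAND_TOKENS = {"tor", "torproject", "torbrowser"}   # assumed watch list

def refang(host):
    """Undo '[.]' defanging and normalise case."""
    return host.replace("[.]", ".").lower().strip(".")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host):
    """Return 'official', 'lookalike:typo', 'lookalike:brand-token' or 'unrelated'."""
    host = refang(host)
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    labels = host.split(".")
    # Assumption: the label before the TLD is the registered name (no public
    # suffix list is consulted, which is adequate for .org/.com style names).
    name = labels[-2] if len(labels) >= 2 else labels[0]
    # Distance 0 here means the same name under a different TLD.
    if osa_distance(name, OFFICIAL.split(".")[0]) <= 2:
        return "lookalike:typo"
    # Brand word used as a hyphen-separated token in any label.
    tokens = {t for label in labels[:-1] for t in label.split("-")}
    if tokens & BRAND_TOKENS:
        return "lookalike:brand-token"
    return "unrelated"

if __name__ == "__main__":
    # First two hosts are from the article; the rest are constructed samples.
    for h in ["torproect[.]org", "tor-browser[.]org",
              "www.torproject.org", "example.org"]:
        print(f"{h:22} {classify(h)}")
```

The brand-token rule is a triage heuristic and will also flag unrelated names that contain a watched token, so a hit means "verify against the official site" rather than "malicious".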