Unrelenting hackers have been distributing a compromised version of the official Tor Browser.
Fortunately, ESET, a major antivirus software supplier, was able to unearth a trojanized Tor Browser that was using malicious tools to spy on users and even steal Bitcoin (BTC) from them.
On Oct. 18, WeLiveSecurity, ESET’s editorial division, reported that, since 2017, the fake Tor Browser, which was being distributed via two websites, had been swapping the original crypto addresses and subsequently stealing cryptocurrency from darknet shoppers, especially those in Russia.
The two fake Tor Browser websites that mimicked the anonymous browser’s real website, torproject.org, were torproect[.]org and tor-browser[.]org, which came about in 2014.
To lure users into downloading the fake version that contains malware, these websites showed visitors a message saying that they needed to update their outdated Tor Browser, even when their Tor Browser version was up to date, according to the Slovakian software security firm.
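A defender can sweep proxy or DNS logs for hosts that imitate torproject.org the way the two sites above do: one by a near-identical spelling, the other by reusing the brand word. The following is an added example, not code from ESET or from the article; the log layout, the edit-distance threshold of 2, the `tor` keyword rule and the function names are assumptions.

```python
import re

LEGIT, BRAND = "torproject.org", "torproject"  # real site named in the article
KEYWORD = "tor"  # assumption: a bare brand token is worth a manual review

# Constructed proxy-log lines; lookalike hosts are defanged as in the article.
SAMPLE_LOG = """\
2019-10-18T09:12:01Z 10.0.0.5 GET www.torproject.org /download/
2019-10-18T09:13:44Z 10.0.0.7 GET torproect[.]org /update
2019-10-18T09:15:02Z 10.0.0.9 GET tor-browser[.]org /
2019-10-18T09:16:30Z 10.0.0.5 GET example.com /index.html
"""

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host):
    """Label a hostname relative to the legitimate download site."""
    host = host.lower().replace("[.]", ".").rstrip(".")
    if host == LEGIT or host.endswith("." + LEGIT):
        return "legitimate"
    labels = host.split(".")[:-1]  # every label except the TLD
    if any(edit_distance(label, BRAND) <= 2 for label in labels):
        return "typosquat"
    if any(KEYWORD in re.split(r"[-_\d]+", label) for label in labels):
        return "brand-keyword"
    return "unrelated"

def flag_log(text):
    """Return (host, verdict) for each logged host that imitates the brand."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        host = fields[3].lower().replace("[.]", ".") if len(fields) >= 4 else ""
        verdict = classify(host)
        if verdict in ("typosquat", "brand-keyword"):
            hits.append((host, verdict))
    return hits
```

Hosts labelled `brand-keyword` are candidates for manual review rather than confirmed lookalikes, since the keyword rule is deliberately broad.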
A substantial amount of Bitcoin stolen
The newly discovered malware appears to have been distributed for Windows, while mobile, Linux and macOS versions were not affected.
Once installed, the malicious Tor Browser automatically swaps users' crypto addresses for criminal-controlled addresses.
So far, the three wallets that took part in the campaign have received a total of 4.8 Bitcoin. At press time, there was 2.66 BTC in one of the wallets.
Besides Bitcoin, ESET claimed that QIWI wallets were also altered and money stolen from them.
Another kind of malware, known as “Metamorfo” or “Casbaneiro,” was flagged by ESET in early October after it was found to be facilitating crypto stealing. Banks and crypto services situated in Mexico and Brazil were the primary targets of the banking trojan, and up to now 1.2 BTC has allegedly been stolen.
Tor Browser users had previously been given many warnings about security breaches that could result in money losses.
One common crypto exchange, LocalBitcoins, even warned that Tor Browser exposes its users to possible Bitcoin theft.
With the malware-laden browser, its creators are able to know which websites a user usually visits and even change the data on visited pages.