Cyber security firm ESET have unveiled a malicious version of the Tor browser – a program used to access the dark web. And it has been stealing user’s Bitcoin. According to the firm, the illicit actors were able to steal $40,000 in BTC.
A Trojan effected version of an official Tor browser has been used by the scammers which redirects users to two websites that claim the user’s version of Tor is out of date even if it has been updated timely. When a user clicks on the “Update” on the nefarious page, they are then being redirected to the other website where they are told they can download an updated version.
These malicious websites and the malicious Tor browser was promoted in 2017 and early 2018 on the various Russian forums, according to ESET. And the bogus browser claimed to be the official Russian language version of Tor.
The scammers has also used the pastebin accounts which have been viewed more than 500,000 times to promote their fake websites in order to attack user’s Tor browser and encourage users to download software to evade government surveillance.
When the users went to add funds to their Bitcoin wallet or pay for items on darkweb marketplace, the browser would change the target wallet address to other which is illicitly controlled by scammers.
How to Prevent from Such Attack?
For all intent, the infected browser is exactly the same as the legitimate Tor browser, so there is little to suggest to the user that something might go wrong. While using malware to switch out Bitcoin wallet addresses is not new, embedding that functionality in a browser is less common. It’s quite a savvy strategy, too.
To access dark web marketplaces you must use Tor – The Onion Router. The cyberbaddies knew there is a high probability that Tor users will probably use Bitcoin as well. If there is something to be learned from this, it is to always download software from legitimate sources and keep it up-to-date.