Researchers Uncover Trojanized Version of Tor Browser Stealing Digital Currency
A recent discovery by researchers has revealed a malicious version of the popular Tor Browser that has been targeting Russian users and siphoning tens of thousands of dollars’ worth of digital currency from unsuspecting victims.
Targeting Russian Users Through Spam Messages
The Trojanized variant of the Tor Browser is being distributed through spam messages on local forums and posts on Pastebin. These messages have been strategically optimized to appear in search results for keywords related to drugs, cryptocurrency, censorship bypass, and Russian politicians. This deceptive tactic aims to lure in users who are searching for these topics.
The malware is being spread through two domains registered in 2014: tor-browser[.]org and torproect[.]org. The malicious package is essentially a modified version of the Tor Browser from 2018 (version 7.5), with altered browser settings and extensions that disable updates, leaving the victim on the tampered build and allowing the malware authors to control and modify the software as needed.
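Because the tampered build works by switching off the browser's own update mechanisms, one defensive check is to inspect a profile's user.js or prefs.js for update-related preferences forced to false. The following is an added example, not code from the article or the researchers: the preference names in the watchlist are standard Firefox / Tor Browser prefs assumed for the demo, and the sample file is constructed.

```python
import re

# Preferences that, when set to false, stop the browser or its add-ons from
# updating. Assumption for this example: standard Firefox / Tor Browser pref
# names, not values reported in the article.
UPDATE_PREFS = {
    "app.update.enabled",
    "app.update.auto",
    "extensions.update.enabled",
    "extensions.torbutton.versioncheck_enabled",
}

# Matches lines of the form: user_pref("name", value);  (also pref(...))
PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*(.*)\);\s*$')

def parse_prefs(text):
    """Return {name: value} from prefs.js / user.js text, skipping comments."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw == "true":
            value = True
        elif raw == "false":
            value = False
        elif raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        else:
            value = int(raw) if raw.lstrip("-").isdigit() else raw
        prefs[name] = value
    return prefs

def find_disabled_updates(text):
    """Return the update-related prefs that are explicitly switched off."""
    prefs = parse_prefs(text)
    return sorted(name for name in UPDATE_PREFS if prefs.get(name) is False)

# Constructed sample user.js for the demo (not taken from a real sample).
SAMPLE_USER_JS = """\
// Mozilla User Preferences
user_pref("app.update.enabled", false);
user_pref("app.update.auto", false);
user_pref("extensions.torbutton.versioncheck_enabled", false);
user_pref("extensions.update.enabled", true);
user_pref("network.proxy.socks_port", 9150);
"""

if __name__ == "__main__":
    for name in find_disabled_updates(SAMPLE_USER_JS):
        print(f"update channel disabled: {name}")
```

A clean Tor Browser profile should not force these prefs off; any hit is worth comparing against a freshly downloaded, signature-verified copy.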
Hackers Manipulate Browser Add-On to Steal Funds
The cybercriminals behind this scheme have also tampered with the HTTPS Everywhere add-on that comes with the browser. They have added a content script (script.js) that runs on every webpage visited by the user. This script is designed to target three major Russian-speaking darknet markets.
When a victim attempts to add funds to their account with a bitcoin payment on these markets, the Trojanized Tor Browser silently replaces the market's wallet address with one controlled by the hackers. The victim sees a normal deposit page while the funds intended for their account are diverted to the cybercriminals.
Impact and Response
As of now, researchers have identified over 500,000 downloads of the Trojanized Tor Browser and have traced around 4.8 bitcoin (equivalent to $40,000) in three bitcoin wallets controlled by the hackers. It is likely that the criminals have also amassed a significant amount of QIWI funds from their victims.
This malicious scheme takes advantage of the increasing push by the Russian government, led by President Putin, towards online censorship similar to that seen in China. With new laws being enacted to grant authorities the power to block access to foreign servers, internet users in Russia are at a heightened risk of falling victim to such cyber threats.
It is crucial for users to exercise caution when downloading software and to verify the authenticity of sources before installing any applications. Staying informed about cybersecurity threats and practicing safe browsing habits can help protect against falling prey to malicious schemes like the Trojanized Tor Browser.