Tor Weaponized to Steal Bitcoin

A years-long campaign targets users of Russian markets with a modified install of a -oriented .

Criminals are using the Tor browser — long a favorite of privacy-conscious users — to steal from their victims, researchers at ESET have discovered. The campaign, aimed at a Russian-speaking audience, uses a number of steps to convince users to install a weaponized version of Tor masquerading as the official Russian-language version of the browser. From there, settings and extensions loaded with the malicious browser allow the criminals to manipulate the pages displayed to users, leading them to sites that take from wallets without the owners’ permission.

According to the researchers, the bitcoin-stealing campaign has been active and unnoticed for years. Anton Cherepanov, ESET senior researcher, notes that the Bitcoin wallets into which stolen Bitcoins are deposited have been active since 2017.

Cherepanov says the JavaScript payload ESET researchers have seen delivered by the malicious website targets three of the largest Russian-speaking darknet markets. This payload attempts to alter QIWI (a popular Russian money transfer service) or Bitcoin wallets located on pages from these markets.

The campaign is ongoing.

Source: https://www.darkreading.com/attacks-breaches/tor-weaponized-to-steal-bitcoin/d/d-id/1336127?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
