Tor Weaponized to Steal Bitcoin

Tor Weaponized to Steal Bitcoin
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.

Criminals are using the Tor browser — long a favorite of privacy-conscious users — to steal Bitcoin from their victims, researchers at ESET have discovered. The campaign, aimed at a Russian-speaking audience, uses a number of steps to convince users to install a weaponized version of Tor masquerading as the official Russian-language version of the browser. From there, settings and extensions loaded with the malicious browser allow the criminals to manipulate the pages displayed to users, leading them to sites that take Bitcoin from wallets without the owners' permission.


According to the researchers, the bitcoin-stealing campaign has been active and unnoticed for years. Anton Cherepanov, ESET senior malware researcher, notes that the Bitcoin wallets into which stolen Bitcoins are deposited have been active since 2017.


Cerepanov says the JavaScript payload ESET researchers have seen delivered by the malicious websites targets three of the largest Russian-speaking darknet markets. This payload attempts to alter QIWI (a popular Russian money transfer service) or Bitcoin wallets located on pages from these markets.


The campaign is ongoing.


Read more here.




This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.



Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this art ..

Support the originator by clicking the read the rest link below.