Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions.
The developers behind the malicious browser have so far stolen at least $40,000 in bitcoin, although the true number is likely higher. Researchers from ESET discovered a version of the trojanized app that was modified from the legitimate January 2018 release of Tor Browser 7.5. However, the cybercriminal operation dates back even further to at least 2017, while two malicious domains used to distribute the malware were created way back in 2014, ESET has reported in a blog post authored by company researcher Anton Cherepanov.
The trojanized browser works the same as the authentic version, but with several key changes. While the criminals didn’t tinker with the code, they did change the default browser settings and some extensions. For starters, the malicious actors behind this scheme have disabled a signature check process for installed add-ons. This allows the adversaries to introduce malicious add-ons without having to worry about being flagged by a digital signature check.
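The defender-side check that follows is an added example, not code from the article or from ESET. Tor Browser is built on Firefox, whose add-on signature enforcement is controlled by the `xpinstall.signatures.required` preference; the article does not name which preference the attackers flipped, so treating that pref (and `app.update.enabled`, which a tampered build would plausibly also turn off to avoid being replaced by an update) as the settings to baseline is an assumption here. The script parses a Firefox-style `prefs.js`/`user.js` file and reports any baseline setting that deviates from the expected value; the sample file contents are constructed for the example.

```python
import re

# Firefox-style pref lines look like:  user_pref("name", value);  or  pref("name", value);
PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*(.+?)\);\s*$')

# Settings a defender would expect an untampered browser profile to keep.
# ASSUMPTION: the article does not name the exact preferences changed by the
# attackers; these are the Firefox prefs that govern add-on signing and updates.
EXPECTED = {
    "xpinstall.signatures.required": True,   # enforce signed add-ons
    "app.update.enabled": True,              # allow the browser to update itself
}

# Constructed sample prefs.js content for this example (not real malware output).
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("xpinstall.signatures.required", false);
user_pref("app.update.enabled", false);
user_pref("browser.startup.homepage", "about:tor");
"""


def parse_value(raw):
    """Convert the textual pref value into a Python bool, int or string."""
    raw = raw.strip()
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw  # leave anything unexpected as-is rather than guess


def parse_prefs(text):
    """Return {pref_name: value} for every pref line in a prefs.js/user.js file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def audit_prefs(prefs):
    """Return (name, expected, actual) for every baseline pref that deviates.

    A pref absent from the file keeps the browser's built-in default, which we
    assume matches the expected value, so only explicit overrides are flagged.
    """
    findings = []
    for name, expected in EXPECTED.items():
        actual = prefs.get(name, expected)
        if actual != expected:
            findings.append((name, expected, actual))
    return findings


if __name__ == "__main__":
    for name, expected, actual in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"TAMPERED: {name} expected {expected!r}, found {actual!r}")
```

Run it against a real profile by reading `prefs.js` and `user.js` from the profile directory in place of `SAMPLE_PREFS`; the two constructed lines above both trigger findings, while the homepage line is parsed but ignored because it is not part of the baseline.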
Using this payload, the cybercriminals have targeted users of three of the largest Russian-speaking dark web marketplaces by tampering with e-wallets located on th ..