Cybercriminals stole over $400,000 via Tor Browser malware, affecting over 15,000 users in 52 countries in 2023, a new report showed on Monday.
According to cybersecurity firm Kaspersky, the Tor Browser malware works by replacing a portion of the clipboard contents with the cybercriminal’s own wallet address whenever it recognizes a wallet address in the clipboard.
“Despite the fake Tor Browser attack’s fundamental simplicity, it poses a greater danger than it seems. Not only does it create irreversible money transfers, but it is also passive and hard to detect for a regular user. Most malware requires a communication channel between the malware operator and the victim’s system,” said Vitaly Kamluk, Head of APAC Unit, Global Research & Analysis Team.
This new form of malware, which has been present for more than a decade and was initially used by banking trojans for altering bank account numbers, is now specifically targeting cryptocurrency owners and dealers, according to the report.
A password-protected RAR archive is downloaded by the target user from a third-party source along with a trojanized version of Tor Browser.
The password’s main function is to avoid being discovered by security programs. Per the report, after the file is dropped within the user’s system, it registers itself to start automatically and disguises itself with the icon of a well-known program, like uTorrent.
Furthermore, the malware targeted cryptocurrencies such as Bitcoin, Ethereum, Litecoin, Dogecoin, and Monero.
These attacks have spread to at least 52 countries around the world, with the majority of detections occurring in Russia as a result of individuals installing the compromised Tor Browser.
The United States, Germany, Uzbekistan, Belarus, China, the Netherlands, the United Kingdom, and France are also among the top ten affected countries.
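From the defender's side, the clipboard replacement described above shows up as a wallet address that changes to a different address of the same coin faster than a user could copy a new one. The following Python code is an added example, not code from Kaspersky or the report; the address patterns are simplified shape checks for the five coins the article lists, and the function names, the 2-second threshold and the sample snapshots are assumptions constructed for illustration.

```python
import re

# Simplified address shapes for the coins the article lists (no checksum validation).
B58 = "[1-9A-HJ-NP-Za-km-z]"
PATTERNS = {
    "bitcoin": re.compile(rf"^(bc1[a-z0-9]{{25,60}}|[13]{B58}{{25,34}})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "litecoin": re.compile(rf"^(ltc1[a-z0-9]{{25,60}}|[LM]{B58}{{25,34}})$"),
    "dogecoin": re.compile(rf"^D{B58}{{25,34}}$"),
    "monero": re.compile(rf"^[48]{B58}{{94}}$"),
}

def coin_of(text):
    """Return the coin name if text looks like a wallet address, else None."""
    text = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(text):
            return coin
    return None

def find_swaps(events, max_gap=2.0):
    """events: list of (timestamp_seconds, clipboard_text) snapshots in time order.
    Flag a wallet address replaced by a different address of the same coin
    within max_gap seconds, faster than a user is likely to copy again."""
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        old, new = old.strip(), new.strip()
        coin = coin_of(old)
        if coin and coin == coin_of(new) and old != new and t1 - t0 <= max_gap:
            alerts.append({"time": t1, "coin": coin, "copied": old, "found": new})
    return alerts

# Constructed sample snapshots; the addresses are made-up strings, not real wallets.
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "ab" * 20),   # user copies an Ethereum-shaped address
    (10.3, "0x" + "cd" * 20),   # different address 0.3 s later: flagged
    (60.0, "1" + "A" * 30),     # Bitcoin-shaped address
    (95.0, "1" + "B" * 30),     # different address 35 s later: treated as user action
    (120.0, "D" + "x" * 30),    # Dogecoin-shaped address
    (120.5, "invoice #12"),     # replaced by non-address text: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The same comparison applies at payment time: the address about to be submitted should match, character for character, the one that was originally copied.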