ESET, an anti-virus software company, has discovered a trojanized version of the anonymous Tor browser that is aimed at Russian-speaking users and steals bitcoins on darknet markets.
The attackers distribute the fake browser through two sites, tor-browser.org and torproect.org, which have existed since 2017. Both mimic the real site of the Tor project and offer to update the browser. The pages are promoted on Russian-language forums.
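One way a defender could spot visits to lookalike domains such as the two named above in proxy or DNS logs, as an added example that is not code from ESET or the Tor project. It assumes the legitimate domain is torproject.org (the article does not name it), treats the last two labels of a host as its registrable domain, and runs on a constructed log sample; all function names are illustrative.

```python
LEGIT = "torproject.org"  # assumption: the real Tor project domain, not named in the article

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def registrable(host):
    """Last two labels; a simplification that ignores multi-label public suffixes."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host):
    """Return None for the legitimate domain and unrelated hosts, else a reason."""
    dom = registrable(host)
    if dom == LEGIT:
        return None
    if edit_distance(dom, LEGIT) <= 2:        # e.g. one dropped or swapped letter
        return "typo"
    if "tor" in dom.split(".")[0].split("-"):  # brand word used as a hyphenated token
        return "brand-token"
    return None

# Constructed proxy-log sample, one "<client> <requested host>" pair per line.
SAMPLE_LOG = """\
10.0.0.5 www.torproject.org
10.0.0.7 torproect.org
10.0.0.9 www.tor-browser.org
10.0.0.9 dist.torproject.org
10.0.0.4 example.com
"""

def scan(log):
    """Return (client, host, reason) for every request to a lookalike domain."""
    pairs = (line.split() for line in log.splitlines() if line.strip())
    return [(c, h, classify(h)) for c, h in pairs if classify(h)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The edit-distance rule catches torproect.org, while tor-browser.org is too far from the real name and is only caught by the brand-token rule, so both checks are needed.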
The attackers used the original Tor code almost unchanged, disabling only updates and some extensions. As a result, victims do not notice that they have installed fake software.
The fake anonymous browser replaces bitcoin addresses when a user tries to top up an account.
ESET experts discovered three cryptocurrency wallets allegedly associated with the fake Tor. The transaction amounts since 2017 are relatively small: only 4.8 BTC (about $38 thousand at the current rate). But the victims' losses may be much greater, because the browser also replaces QIWI wallets.
Recall that in a recent report, Europol stated that bitcoin is still the preferred cryptocurrency for cybercriminals.