Kaspersky Discovers New Malware Stealing Crypto Assets Via Fake Tor Browser

JAKARTA - Kaspersky researchers have discovered an ongoing crypto-asset theft campaign that has hit more than 15,000 users in 52 countries.

Distributed under the guise of the Tor Browser, the malware watches the system clipboard: when it detects that the user has copied a cryptocurrency wallet address, it silently replaces that part of the clipboard content with a wallet address controlled by the attacker, so the funds go to the attacker when the victim pastes the address into a transfer.

So far in 2023, Kaspersky estimates that cybercriminals have made around $400,000 in profit with this malware.

Techniques like this have existed for over a decade. They were first used by banking trojans to swap bank account numbers in the clipboard; with the rise of crypto assets, this class of malware, known as a clipboard injector or "clipper", now actively targets crypto owners and traders.

One recent variant poses as the Tor Browser, the privacy-focused browser used to reach the Tor network. The victim downloads a trojanised copy of Tor Browser from a third-party site, delivered as a password-protected RAR archive; the password stops security solutions from scanning the archive's contents before the user extracts it.

Once the file is dropped on the user's system, it registers itself to start automatically with the system and disguises itself with the icons of popular applications, such as uTorrent.

Across the 15,000 detected attacks, Kaspersky said this clipboard injector malware targets Bitcoin, Ethereum, Litecoin, Dogecoin and Monero wallet addresses.
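To make the clipboard-swap mechanism concrete, here is an added Python model of it, written for this page and not taken from Kaspersky's analysis or from the malware itself. It operates on a plain string standing in for the clipboard rather than on the real clipboard, recognises addresses of the five currencies named above by prefix and length only (no checksum validation, so the patterns are approximations), and pairs the simulated swap with the defensive check a wallet front end or user can run: compare what was copied with what came back out. All wallet addresses in it are constructed placeholders.

```python
import re

# Syntactic address patterns for the currencies the campaign targets (assumed,
# approximate: prefix and length only, no checksum). A match means "looks like
# a wallet address", nothing more.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"),
    "ethereum": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "litecoin": re.compile(r"\b(?:ltc1[ac-hj-np-z02-9]{25,62}|[LM][a-km-zA-HJ-NP-Z1-9]{26,33})\b"),
    "dogecoin": re.compile(r"\bD[5-9A-HJ-NP-U][a-km-zA-HJ-NP-Z1-9]{32}\b"),
    "monero": re.compile(r"\b[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b"),
}

# Constructed placeholder addresses (syntactically plausible, not real wallets).
# The clipper keeps one per currency so the substituted address still "looks right".
ATTACKER_ADDRESSES = {
    "bitcoin": "1" + "ATTACKER" * 4 + "X",
    "ethereum": "0x" + "deadbeef" * 5,
    "litecoin": "L" + "ATTACKER" * 4 + "X",
    "dogecoin": "D7" + "ATTACKER" * 4,
    "monero": "4A" + ("ATTACKER" * 12)[:93],
}

# Constructed victim address and clipboard text used by the demo below.
VICTIM_BTC = "1" + "USER" * 8 + "X"
SAMPLE_CLIPBOARD = f"Please send 0.5 BTC to {VICTIM_BTC} before Friday"


def classify(address):
    """Return the currency whose address syntax `address` matches, or None."""
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(address):
            return coin
    return None


def simulate_clipper(clipboard_text, attacker_addresses=ATTACKER_ADDRESSES):
    """Model the clipper's substitution on a clipboard string.

    Every run of text that looks like a wallet address is swapped for the
    attacker's address of the same currency; everything else is left intact,
    which is why the victim rarely notices. Returns (new_text, swaps) where
    swaps is a list of (coin, original, replacement) tuples.
    """
    swaps = []
    text = clipboard_text
    for coin, pattern in ADDRESS_PATTERNS.items():
        def replace(match, coin=coin):
            swaps.append((coin, match.group(0), attacker_addresses[coin]))
            return attacker_addresses[coin]
        text = pattern.sub(replace, text)
    return text, swaps


def verify_paste(copied, pasted):
    """Defensive check: compare the address the user copied with the one that
    ended up in the transfer form. Returns None if they agree, otherwise a
    short description of the tampering."""
    if copied == pasted:
        return None
    pasted_coin = classify(pasted)
    if pasted_coin is not None:
        return f"address replaced with a different {pasted_coin} address: {pasted}"
    return "clipboard content was altered"


if __name__ == "__main__":
    tampered, swaps = simulate_clipper(SAMPLE_CLIPBOARD)
    print("clipboard in :", SAMPLE_CLIPBOARD)
    print("clipboard out:", tampered)
    for coin, original, replacement in swaps:
        print(f"{coin}: {original} -> {replacement}")
        print("check:", verify_paste(original, replacement))
```

The check in `verify_paste` is only as good as its inputs: it has to compare against the address the user intended (for example one displayed by the recipient over a second channel), not against whatever the clipboard currently holds, because the clipper has already rewritten that.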

Russia accounts for the most detections, because Tor Browser is officially blocked there and users turn to third-party websites, where they download infected copies.

The other countries in the top ten were the United States, Germany, Uzbekistan, Belarus, China, the Netherlands, Britain and France. The true number of infections is likely much higher than these detections indicate.

"Despite the fundamental simplicity of a fake Tor Browser attack, it poses a much greater danger than meets the eye. Not only does it make the money transfer process irreversible, but it is also passive and hard to detect for ordinary users," said Vitaly Kamluk, Head of the Asia Pacific Unit, Global Research & Analysis Team (GReAT) at Kaspersky, in a statement received in Jakarta.