Cybercriminals have stolen about $400,000 using Tor Browser malware, affecting more than 15,000 users across 52 countries in 2023, a new report showed on Monday.
According to cybersecurity firm Kaspersky, the Tor Browser malware works by detecting a wallet address in the clipboard and then replacing a portion of the clipboard contents with the cybercriminal’s own wallet address.
“Despite the fake Tor Browser attack’s fundamental simplicity, it poses a greater danger than it seems. Not only does it create irreversible money transfers, but it is also passive and hard to detect for a regular user. Most malware requires a communication channel between the malware operator and the victim’s system,” said Vitaly Kamluk, Head of APAC Unit, Global Research & Analysis Team.
Cryptocurrency owners and traders are now actively being targeted by this new type of malware, which has been around for more than a decade and was originally used by banking trojans to replace bank account numbers, the report said.
The target user downloads a trojanized version of Tor Browser from a third-party resource containing a password-protected RAR archive.
The purpose of the password is to prevent detection by security solutions. Once the file is dropped inside the user’s system, it registers itself in the system’s auto-start and masquerades under the icon of a popular application, such as uTorrent, according to the report.
Furthermore, the report mentioned that the malware targeted cryptocurrencies such as Bitcoin, Ethereum, Litecoin, Dogecoin, and Monero.
These attacks have spread to at least 52 countries worldwide, with the majority of detections in Russia due to users downloading the infected Tor Browser.
The top 10 affected countries also include the US, Germany, Uzbekistan, Belarus, China, the Netherlands, the UK, and France.
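From the defender's side, the clipboard replacement described in the report shows up as one wallet address being swapped for a different address of the same coin within a fraction of a second. The following is an added example, not code from the Kaspersky report; the address patterns are simplified assumptions, and the clipboard history and one-second window are constructed for illustration.

```python
import re

# Simplified address shapes for the coins named in the report (assumptions:
# they classify text by prefix and length and do not verify checksums).
B58 = "[1-9A-HJ-NP-Za-km-z]"   # Base58 alphabet
B32 = "[ac-hj-np-z02-9]"       # Bech32 data characters
PATTERNS = {
    "bitcoin": re.compile(rf"^(bc1{B32}{{11,71}}|[13]{B58}{{25,34}})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "litecoin": re.compile(rf"^(ltc1{B32}{{11,71}}|[LM]{B58}{{26,33}})$"),
    "dogecoin": re.compile(rf"^D{B58}{{33}}$"),
    "monero": re.compile(rf"^[48]{B58}{{94}}$"),
}


def classify(text):
    """Return the coin whose address shape matches text, or None."""
    text = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(text):
            return coin
    return None


def find_swaps(snapshots, window=1.0):
    """Flag an address replaced by a different same-coin address within `window` seconds.

    snapshots: time-ordered list of (seconds, clipboard_text).
    """
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        coin = classify(before)
        changed = before.strip() != after.strip()
        if coin and changed and classify(after) == coin and t1 - t0 <= window:
            alerts.append((t1, coin, before.strip(), after.strip()))
    return alerts


# Constructed clipboard history; every address below is made up.
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, "0x" + "1a" * 20),    # user copies an Ethereum address
    (5.2, "0x" + "2b" * 20),    # different address 200 ms later: flagged
    (30.0, "1" + "A" * 33),     # user copies a Bitcoin address
    (95.0, "1" + "B" * 33),     # another address a minute later: not flagged
]

if __name__ == "__main__":
    for when, coin, old, new in find_swaps(SAMPLE):
        print(f"{when:>6.1f}s {coin}: {old[:10]}... replaced by {new[:10]}...")
```

The time window is a heuristic: a user who deliberately copies two addresses in quick succession would also be flagged, so an alert is a prompt to compare the pasted address with the intended one.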