Trojanized Tor browsers target Russians with crypto-stealing malware

A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions.
While these malicious Tor installers target countries worldwide, Kaspersky says that most are targeting Russia and Eastern Europe.
"We relate this to the ban of Tor Project's website in Russia at the end of 2021, which was reported by the Tor Project itself," explains Kaspersky.
Cryptocurrency holders may use the Tor browser either to enhance their privacy and anonymity while transacting with cryptocurrencies or because they want to access illegal dark web market services, which are paid in crypto.
Trojanized Tor installers are typically promoted as "security-strengthened" versions of the official Tor Project release, or pushed to users in countries where Tor is prohibited and the official version is harder to download.
While the standard Tor browser is launched in the foreground, the archive extracts the malware in the background, runs it as a new process, and registers it in the system autostart.