Security News > 2023 > March > Trojanized Tor browsers target Russians with crypto-stealing malware
A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions.
While these malicious Tor installers target countries worldwide, Kaspersky says that most are targeting Russia and Eastern Europe.
"We relate this to the ban of Tor Project's website in Russia at the end of 2021, which was reported by the Tor Project itself," explains Kaspersky.
Cryptocurrency holders may use the Tor browser either to enhance their privacy and anonymity while transacting with cryptocurrencies or because they want to access illegal dark web market services, which are paid in crypto.
Trojanized Tor installations are typically promoted as "Security-strengthened" versions of the official vendor, Tor Project, or pushed to users in countries where Tor is prohibited, making it harder to download the official version.
While the standard Tor browser is launched in the foreground, the archive extracts the malware in the background and runs it as a new process while also registering it on the system autostart.
News URL
Related news
- Fake browser updates spread updated WarmCookie malware (source)
- Crypto-stealing malware campaign infects 28,000 people (source)
- Perfctl malware strikes again as crypto-crooks target Docker Remote API servers (source)
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russian charged by U.S. for creating RedLine infostealer malware (source)
- Uncle Sam outs a Russian accused of developing Redline infostealing malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)