Malware disguised as Tor browser steals $400k in cryptocash
2023-03-30 01:30

Clipboard-injector malware disguised as Tor browser installers has been used to steal about $400,000 in cryptocurrency from nearly 16,000 users worldwide so far in 2023, according to Kaspersky researchers.

"The Tor Project called to help keep Russian users connected to Tor to circumvent censorship," Vitaly Kamluk, head of Kaspersky's Global Research and Analysis Team for APAC, wrote in a blog about the clipper malware.

"Malware authors heard the call and responded by creating trojanized Tor browser bundles and distributing them among Russian-speaking users."

Once the file is downloaded, the executable - usually disguised as uTorrent or another app icon - starts as a new process and the malware gets to work.

One way to avoid this coin-stealing campaign is to download installers only from the official Tor Project; those installers are digitally signed and free of malware.

"A mistake likely made by all victims of this malware was to download and run Tor Browser from a third party resource," Kamluk added.
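
The advice above relies on the installer being digitally signed, which can be checked on Windows before running it. The following is an added example, not code from the article or from Kaspersky; the function name, the file path in the usage comment, and the expected publisher string are assumptions to confirm against the Tor Project's own documentation.

```powershell
# Added example: check the Authenticode signature of a downloaded installer
# before executing it. Test-InstallerSignature is a hypothetical helper name.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: publisher name expected on the signing certificate.
        [string] $ExpectedPublisher = 'The Tor Project, Inc.'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Only 'Valid' passes: the file hash matches the signature and the
    # certificate chains to a trusted root. NotSigned, HashMismatch and
    # NotTrusted all fail here.
    $statusOk = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

    # A valid signature from an unrelated publisher is not enough, so the
    # certificate's simple name is compared with the expected publisher.
    $publisher = $null
    if ($sig.SignerCertificate) {
        $publisher = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    }
    $publisherOk = $publisher -eq $ExpectedPublisher

    [pscustomobject]@{
        Path       = (Resolve-Path -LiteralPath $Path).Path
        Status     = $sig.Status
        Publisher  = $publisher
        Thumbprint = $sig.SignerCertificate.Thumbprint
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Trusted    = ($statusOk -and $publisherOk)
    }
}

# Usage (placeholder path):
#   $result = Test-InstallerSignature -Path .\downloaded-installer.exe
#   if (-not $result.Trusted) { Write-Warning "Do not run: $($result.Status) / $($result.Publisher)" }
```

The returned SHA256 value can be logged or compared with a hash published by the vendor as a second check.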


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/30/kaspersky_clipboard_tor_malware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
TOR 1 2 46 3 4 55