Bitcoin theft carried out for 3 years via malware-infected Tor Browser

A malware-laden unofficial version of Tor Browser was being used by hackers to spy on Bitcoin users and steal their crypto. This compromised version of the privacy-focused Tor Browser was loaded with malicious tools which helped criminals to steal small amounts of Bitcoin since 2017 when the victims tried to pay on darknet websites.

IT security firm ESET discovered the breach and according to their findings, each affected wallet had relatively large numbers of small transactions. The researchers confirmed that these wallets were “used by the trojanized Tor Browser”. Further study revealed that around 4.8 Bitcoin were stolen.

According to Anton Cherepanov, Senior Malware Researcher at the internet security company stated:

“This malware lets the criminals behind this campaign see what website the victim is currently visiting. In theory, they can change the content of the visited page, grab the data the victim fills in to forms and display fake messages, among other activities. However, we have seen only one particular functionality–changing the Bitcoin and cryptocurrency wallets,”

This malware remained unnoticed for three years and targetted the Russian-speaking users. The visitors on the website are tricked into believing that their Tor Browser is out of date. Clicking this malicious alert would lead to another website with an installer of the fake app. When the trojanized version was installed, the cybercriminals could easily access the pages the user visited and also to change Bitcoin addresses on those pages.