A compromised version of the Tor browser has targeted Russian-speaking users, spied on them while they browsed the dark web, and stolen their Bitcoin (BTC) funds as they attempted to make purchases with BTC on dark web markets.
The infected Tor browser reportedly replaced the Bitcoin address to which users were supposed to send funds with one controlled by the hackers, so users ended up transferring their cryptocurrency into the hackers’ account.
Bitcoin and a few other popular cryptocurrencies have long been associated with criminal activity and with the buying and selling of illicit substances on the dark web, and fraudsters and scammers have always looked for ways to steal these digital assets. Now, hackers have infected the widely used, privacy-focused Tor browser to spy on users who browse three of the largest Russian-speaking dark web markets.
As reported by Forbes, the total amount of BTC stolen by the hackers currently stands at 4.8 Bitcoin, a haul worth almost $40,000 at current prices. However, the cybersecurity company ESET believes that the amount could be much higher, as the fraudsters have been engaged in this scheme for a while now.
Anton Cherepanov, a senior malware researcher at ESET, stated:
“This malware lets the criminals behind this campaign see what website the victim is currently visiting. In theory, they can change the content of the visited page, grab the data the victim fills into forms and display fake messages, among other activities. However, we have seen only one particular functionality–changing the bitcoin and cryptocurrency wallets.”
The disguised version of the official Tor browser was used to target Russian-speaking users who often use Tor to access the deep web, where people can buy illicit goods and services in exchange for Bitcoin and other cryptocurrencies. Anton Cherepanov further warned that “non-technically savvy people probably won’t notice any difference between the original version and the trojanized one.”
According to ESET, the hackers programmed the Tor browser so that it automatically replaces wallet details for QIWI, a popular Russian money transfer service, and Bitcoin wallet addresses found on pages with the hackers’ own wallet addresses. So when users who unknowingly ran the infected version of the Tor browser paid from their Bitcoin or QIWI wallets, the funds were transferred directly to the hackers’ wallets instead.
“It should be noted that the real amount of stolen money is higher because the trojanized Tor Browser also alters QIWI wallets,” Anton Cherepanov said.
As Bitcoin and other popular cryptocurrencies have been adopted by more people, businesses and markets across the globe, the crimes associated with them have increased rapidly as well, and fraudsters keep coming up with new, sophisticated ways to commit even more serious crimes.