It is particularly dangerous right now to get an unofficial version of Tor, even more so if you are a fan of cryptocurrencies. Indeed, several pirated versions are circulating at the moment. Problem, these include malware that scans the user’s clipboard to remove the wallet passwords and, thus, steal all the digital assets of the latter.
Tor isn’t the most popular Internet browser for the general public, but it’s especially popular with users who want to stay anonymous on the web or visit sites that are only on the dark web. This is, among other things, the reason why the Russian government decided to ban the software from its territory at the end of 2021. However, who says ban necessarily says pirated versions coming to fill the void. And who says pirated versions says software infected with malware.
Unsurprisingly, Kaspersky experts have therefore found traces of a fake version of Tor, intended above all for the Russian population deprived of the browser, which actually camouflages a dangerous Trojan horse. Once installed on the PC of its victim, it is able to scan the clipboard to extract the passwords of a crypto wallet. When we know that Tor is often used to carry out transactions on the blockchain, we understand that the scheme is more formidable than it seems.
On the same subject — this fake Tor browser circulating massively on YouTube hides dangerous spyware
Hackers infected Tor with crypto-stealing malware
The malware itself resides within a RAR file hidden inside the installation folder, which extracts itself automatically once the hijacked browser is downloaded to the PC. Inside is the executable file responsible for scanning the clipboard, configured to run when the infected machine starts. Thus, each time text is copied by the user, the malware is able to detect if it is a wallet password.
Kaspersky says it detected around 16,000 variants of the malware between August 2022 and February 2023, in a total of 52 countries, although Russia is the number one target for hackers. The cybersecurity firm estimates the amount of assets stolen by hackers at $400,000. If we are relatively spared by the operation in France, we still advise you to download the browser from its official site. A valid advice for any software you want to install on your computer.
Source : Kaspersky
