Cryptocurrencies stolen via fake Tor browser

KUALA LUMPUR, 29 March 2023:

Kaspersky researchers have discovered an ongoing disruptive cryptocurrency theft campaign affecting more than 15,000 users across 52 countries, the online security firm said in a statement today.

“Distributed under the guise of Tor browser, the malware operates by replacing a portion of the entered clipboard contents with the cybercriminal’s own wallet address once it detects a wallet address in the clipboard.”

It’s estimated that – so far in 2023 – cybercriminals have been able to steal approximately US$400,000 using this malware.

“While this technique has been around for more than a decade and originally used by banking trojans to replace bank account numbers, with the rise of cryptocurrency, this new type of malware is now actively targeting crypto owners and traders.”

Kaspersky said its technologies have detected more than 15,000 attacks using clipboard injector malware targeting cryptocurrencies like Bitcoin, Ethereum, Litecoin, Dogecoin, and Monero.

“These attacks have spread to at least 52 countries worldwide, with the majority of detections in Russia due to users downloading the infected Tor browser from third-party websites as this browser is officially blocked in the country.”

The firm said the top 10 affected countries include the US, Germany, Uzbekistan, Belarus, China, the Netherlands, the UK and France.

“Despite the fake Tor browser attack’s fundamental simplicity, it poses a greater danger than it seems. Not only does it create irreversible money transfers, but it is also passive and hard to detect for a regular user,” said Vitaly Kamluk, head of APAC Unit, Global Research & Analysis Team.

“Most malware requires a communication channel between the malware operator and the victim’s system. On the contrary, clipboard injectors can remain silent for years, with no network activity or other signs of presence until the day they replace a crypto wallet address.”

To keep cryptocurrency safe, Kaspersky experts advise users:

  • Only download software from trusted sources: Avoid downloading software from third-party websites and use official sources whenever possible. Always verify the authenticity of the software before downloading it.
  • Keep your software updated: Ensure your operating system, browser, and other software are up-to-date with the latest security patches and updates. This helps to prevent known vulnerabilities from being exploited.
  • Use security solutions: A reliable security solution will protect your devices from various types of threats.
  • Be cautious with email links and attachments: Do not click on links or download attachments from suspicious or unknown sources, as these may contain malware.
  • Check for digital signatures: Before downloading any software, check for digital signatures to ensure that the software is authentic and has not been tampered with.
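
The clipboard replacement described above can be spotted by comparing successive clipboard snapshots. The sketch below is an added illustration, not part of Kaspersky's statement or tooling: it flags a wallet address that is replaced by a different address for the same coin within a short interval. The function names, the one-second window, the address patterns (shape checks only) and the sample snapshots are all assumptions made for this example.

```python
import re

# Address shapes for the coins named in the article (format only, no checksum validation).
PATTERNS = {
    "BTC": re.compile(r"\b(?:bc1[a-z0-9]{39,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"),
    "ETH": re.compile(r"\b0x[a-fA-F0-9]{40}\b"),
    "LTC": re.compile(r"\b[LM][a-km-zA-HJ-NP-Z1-9]{26,33}\b"),
    "DOGE": re.compile(r"\bD[5-9A-HJ-NP-U][1-9A-HJ-NP-Za-km-z]{32}\b"),
    "XMR": re.compile(r"\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b"),
}

# Assumption: a person rarely copies two different addresses of the same coin
# within one second, while an automated replacement happens almost at once.
SWAP_WINDOW_S = 1.0


def addresses(text):
    """Return {coin: set of address-shaped strings found in text}."""
    return {c: set(p.findall(text)) for c, p in PATTERNS.items() if p.search(text)}


def find_swaps(snapshots, window=SWAP_WINDOW_S):
    """snapshots: list of (timestamp_seconds, clipboard_text), oldest first."""
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        if t1 - t0 > window:
            continue  # slow change: treated as an ordinary user copy
        old, new = addresses(before), addresses(after)
        for coin in sorted(old.keys() & new.keys()):
            if old[coin].isdisjoint(new[coin]):  # same coin, different address
                alerts.append({"time": t1, "coin": coin,
                               "copied": sorted(old[coin]), "now": sorted(new[coin])})
    return alerts


# Constructed sample data: the addresses are placeholders, not real wallets.
ETH_A, ETH_B = "0x" + "a1" * 20, "0x" + "b2" * 20
BTC_A, BTC_C = "1" + "B" * 33, "1" + "C" * 33
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, f"send to {ETH_A} please"),
    (10.2, f"send to {ETH_B} please"),  # address rewritten 0.2 s after the copy
    (60.0, BTC_A),
    (95.0, BTC_C),                      # 35 s later: treated as a manual copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The same comparison can be made by eye: checking the pasted address character by character against the intended one before confirming a transfer.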