According to Kaspersky Lab, about 16 000 users of digital assets have been affected by the malware

​Hackers steal more than $400 000 in cryptocurrencies with a Trojan in a fake Tor browser

30.03.2023 - 10:00

352

3 min

What’s new? Experts at Kaspersky Lab warned about the spread of a fraudulent scheme using a fake Tor browser. When downloading from a third-party web resource, it gets infected with malware capable of extracting and modifying the contents of the clipboard. About 16 000 cryptocurrency users from 52 countries suffered from the Trojan, and the total damage in 2023 alone exceeded $400 000.

Material on the Secure List website

How does cryptocurrency theft happen? Once on the device, the software registers in the autostart system, masquerading as a popular application, such as uTorrent. As soon as the cryptocurrency wallet address appears in the clipboard, the program automatically replaces it with another address belonging to hackers, which causes the user to lose money.

The program performed address substitution in several popular blockchain networks at once: Bitcoin, Ethereum, Monero, Dogecoin, and Litecoin.

The top 10 countries most affected by the malware were Russia, Ukraine, the United States, Germany, Uzbekistan, Belarus, China, the Netherlands, the United Kingdom, and France. The main mistake users made was downloading and launching Tor Browser from third-party sites. To protect against losing money, Kaspersky Lab recommends downloading the application only from the official site, as well as using antivirus software.

A similar threat was previously reported by ESET. The company found trojans on WhatsApp and Telegram for Android and Windows. Attackers place advertising links to YouTube channels on Google, which then redirects users to fake application sites. A downloaded version of the messenger with malware can replace cryptocurrency wallet addresses sent in chat messages.

SafeGuard warns of new crypto-stealing malware in Telegram

SafeGuard warns of new crypto-stealing malware in Telegram

The malware spreads via spamming with images and hides on the victim's device as an operating system file

Read further

According to Kaspersky Lab, in 2022, the number of cryptocurrency phishing attacks increased by 40%, reaching 5 million. In one year every seventh user of digital assets suffered from them.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy