Hackers steal more than $400 000 in cryptocurrencies with a Trojan in a fake Tor browser
According to Kaspersky Lab, about 16 000 users of digital assets have been affected by the malware
30.03.2023 - 10:00
What's new? Experts at Kaspersky Lab warned about the spread of a fraudulent scheme using a fake Tor browser. Copies downloaded from third-party web resources come infected with malware capable of extracting and modifying the contents of the clipboard. About 16 000 cryptocurrency users from 52 countries suffered from the Trojan, and the total damage in 2023 alone exceeded $400 000.
Material on the Secure List website
How does cryptocurrency theft happen? Once on the device, the malware adds itself to the system's autostart, masquerading as a popular application, such as uTorrent. As soon as a cryptocurrency wallet address appears in the clipboard, the program automatically replaces it with another address belonging to the hackers, which causes the user to lose money.
The program performed address substitution in several popular blockchain networks at once: Bitcoin, Ethereum, Monero, Dogecoin, and Litecoin.
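A defensive check for the substitution described above, given as an added example that is not part of the original article or of Kaspersky Lab's report: it compares the text a user copied with the text that was actually pasted and flags the case where both are addresses of the same network but differ. The address patterns are simplified format checks assumed for this example (no checksum validation), and the sample addresses in the test are constructed placeholders.

```python
import re

# Simplified address shapes for the five networks named in the article.
# Assumption of this example: format-only matching, no checksum validation.
B58 = "[1-9A-HJ-NP-Za-km-z]"   # Base58 alphabet
B32 = "[02-9ac-hj-np-z]"       # Bech32 data alphabet
PATTERNS = {
    "bitcoin": re.compile(rf"^(?:[13]{B58}{{25,34}}|bc1{B32}{{11,71}})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "monero": re.compile(rf"^[48]{B58}{{94}}$"),
    "dogecoin": re.compile(rf"^D{B58}{{33}}$"),
    "litecoin": re.compile(rf"^(?:[LM]{B58}{{26,33}}|ltc1{B32}{{11,71}})$"),
}


def classify(text):
    """Return the network whose address format the text matches, or None."""
    s = text.strip()
    for network, pattern in PATTERNS.items():
        if pattern.match(s):
            return network
    return None


def normalize(text, network):
    """Canonical form for comparison; Ethereum hex is case-insensitive."""
    s = text.strip()
    return s.lower() if network == "ethereum" else s


def check_paste(copied, pasted):
    """Compare what was copied with what was pasted.

    Returns one of:
      "not-an-address" - the copied text is not a recognized wallet address
      "match"          - the pasted address equals the copied one
      "substituted"    - same network, different address (clipboard-swap pattern)
      "altered"        - the copied address was replaced by something else
    """
    src = classify(copied)
    if src is None:
        return "not-an-address"
    dst = classify(pasted)
    if dst == src and normalize(copied, src) == normalize(pasted, dst):
        return "match"
    if dst == src:
        return "substituted"
    return "altered"
```

A wallet or payment form can run such a comparison before a transfer is confirmed and require the user to re-check the destination on any result other than "match".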
The top 10 countries most affected by the malware were Russia, Ukraine, the United States, Germany, Uzbekistan, Belarus, China, the Netherlands, the United Kingdom, and France. The main mistake users made was downloading and launching Tor Browser from third-party sites. To protect against losing money, Kaspersky Lab recommends downloading the application only from the official site, as well as using antivirus software.
A similar threat was previously reported by ESET. The company found trojans on WhatsApp and Telegram for Android and Windows. Attackers place advertising links to YouTube channels on Google, which then redirect users to fake application sites. A downloaded version of the messenger with malware can replace cryptocurrency wallet addresses sent in chat messages.
According to Kaspersky Lab, in 2022, the number of cryptocurrency phishing attacks increased by 40%, reaching 5 million. In one year, every seventh user of digital assets suffered from them.