A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
Criminals are using the Tor browser — long a favorite of privacy-conscious users — to steal Bitcoin from their victims, researchers at ESET have discovered. The campaign, aimed at a Russian-speaking audience, uses a number of steps to convince users to install a weaponized version of Tor masquerading as the official Russian-language version of the browser. From there, settings and extensions loaded with the malicious browser allow the criminals to manipulate the pages displayed to users, leading them to sites that take Bitcoin from wallets without the owners' permission.
According to the researchers, the bitcoin-stealing campaign has been active and unnoticed for years. Anton Cherepanov, ESET senior malware researcher, notes that the Bitcoin wallets into which stolen Bitcoins are deposited have been active since 2017.
Cerepanov says the JavaScript payload ESET researchers have seen delivered by the malicious websites targets three of the largest Russian-speaking darknet markets. This payload attempts to alter QIWI (a popular Russian money transfer service) or Bitcoin wallets located on pages from these markets.
The campaign is ongoing.
Read more here.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024