Fake Tor Browser Steals Bitcoin from Russian Darkweb Users
Cybercrime researchers discovered a so-called “trojanized version” of the Tor Browser responsible for stealing $40,000 from users of Russian darknet markets. The infected version of the browser is being distributed through darkweb forums via posts about darknet markets, cryptocurrency, and bypassing censorship.
According to researchers at ESET, the actors behind the campaign have been directing users to one of three domains that mimic the Tor Project’s official website, torproject.org. One example looks very similar to the official domain: torproect.org (note the missing “j”). The fake Tor Project website contains descriptions of the Tor Browser as well as a link to download the modified version of the browser. The link is distributed from tor-browser.org.
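The lookalike-domain pattern described above can be checked for in proxy or DNS logs. The following is an added example, not code from ESET or the Tor Project; the log format, the token list and the distance threshold are assumptions, and the log lines are constructed.

```python
# Added example: flag hostnames that imitate torproject.org in proxy/DNS logs.
OFFICIAL = "torproject.org"
BRAND_TOKENS = {"tor", "torproject", "torbrowser"}  # assumption: tokens worth a review

# Constructed log lines in the assumed format "<timestamp> <client> <hostname>"
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z 10.0.0.5 www.torproject.org",
    "2000-01-01T10:00:07Z 10.0.0.8 torproect.org",
    "2000-01-01T10:01:12Z 10.0.0.8 tor-browser.org",
    "2000-01-01T10:02:30Z 10.0.0.9 example.org",
]

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels. Assumption: no multi-part public suffixes (e.g. co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host):
    dom = registrable(host)
    if dom == OFFICIAL:
        return "official"
    if edit_distance(dom, OFFICIAL) <= 2:      # e.g. one dropped letter
        return "typosquat"
    name = dom.rsplit(".", 1)[0]
    if BRAND_TOKENS & set(name.split("-")):    # brand word combined with other words
        return "brand-keyword"
    return "unrelated"

def scan(lines):
    """Return (client, host, verdict) for every suspicious hostname."""
    hits = []
    for line in lines:
        _ts, client, host = line.split()
        verdict = classify(host)
        if verdict in ("typosquat", "brand-keyword"):
            hits.append((client, host, verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A "brand-keyword" verdict is a prompt for manual review rather than proof of abuse, since unrelated sites can share a token.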
Here are three claims made about the fake browser, translated from Russian automatically:
If you want to surf darknet not to fear for your safety, then this most protected tor browser is for you!
If you are tired of unsolvable captcha and constant lags of an ordinary browser tor, it’s time to upgrade to our upgraded browser.
You can not doubt the security of this browser, all traffic is wrapped in a torus, including the recaptcha solver.
Like the phishing proxies currently stealing funds from users of Empire Market, the fake Tor Browser swaps the deposit addresses on three Russian darkweb markets. Instead of seeing the Bitcoin address of their marketplace wallet, users see one of three Bitcoin addresses controlled by the actors responsible for this campaign.
3338V5E5DUetyfhTyCRPZLB5eASVdkEqQQ 3CEtinamJCciqSEgSLNoPpywWjviihYqrw 1FUPnTZNBmTJrSTvJFweJvUKxRVcaMG8oS