If there’s one thing bitcoin enthusiasts are having a hard time avoiding, it’s crypto scams and thefts. From Mt. Gox to Coincheck, thefts can ring through the industry like the bells of Notre Dame, and sometimes, they can lead to harsh consequences for the crypto and blockchain space. The latest scam is coming by way of the Tor Browser, which is being monitored by criminals as a means of stealing unsuspecting persons’ bitcoins.
Tor Browser Is Home to Some Malicious Actors
Thus far, the bitcoin stolen through the scam amounts to 4.8 BTC. That’s roughly $40,000 at press time. Analysts at ESET, a cybersecurity company, are warning that the total could potentially be higher, as the scam could have been running for years without anyone knowing.
Anton Cherepanov, a senior malware researcher at ESET, explains that the Tor Browser is playing host to a specific kind of malware that’s targeting mostly Russian-speaking users. The Tor Network is widely used to access black markets. Thus, those who use it are typically looking to score on illicit goods, such as drugs, guns and similar paraphernalia. Most of the time, cryptocurrencies – given their allegedly anonymous properties – are used to purchase these items.
Cherepanov explains the dangers behind the software:
This malware lets the criminals behind this campaign see what website the victim is currently visiting. In theory, they can change the content of the visited page, grab the data the victim fills in to forms and display fake messages, among other activities. However, we have seen only one functionality – changing the bitcoin and cryptocurrency wallets… Non-technically savvy people probably won’t notice any difference between the original version and the trojan one.
The malware is allowing criminals to switch out receiving bitcoin addresses with their own. Thus, whenever anyone makes a purchase with crypto, the malicious actors wind up with funds they haven’t earned. The victim winds up with an empty wallet and a lot of humiliation in their back pockets.
This Has Been Going on for Some Time
During our investigation, we identified three bitcoin wallets that have been used in this campaign since 2017. Each such wallet contains relatively large numbers of small transactions. We consider this a confirmation that these wallets indeed were used by the trojan Tor Browser. It should be noted that the real amount of stolen money is higher because the trojan Tor Browser also alters QIWI wallets.
Cyberattacks like these have become relatively common (and even popular) in the crypto space as of late. One of the more recent cases involved a form of malware that’s been dubbed “Save Yourself.” The software records your actions by gaining access to your computer’s webcam. From there, it will blackmail you with a bitcoin ransom, provided you’ve visited any “dirty sites.”