ESET, a Slovakia-based antivirus and firewall software supplier, has revealed a trojanized Tor Browser designed to steal Bitcoin (BTC) from Russia-based darknet users. Besides Bitcoin, the fake browser has also been stealing funds from QIWI wallets.
According to ESET’s report on Oct. 18, the fake Tor Browser has been stealing bitcoins via Bitcoin wallet addresses since 2017. The fake Tor Browser was distributed via two websites: tor-browser[.]org and torproect[.]org. These websites offered a download of what they presented as “the most up-to-date Tor Browser version,” which contained malware.
Three wallets were allegedly involved in the scam scheme. The stolen funds total 4.8 Bitcoin so far; the latest transaction is dated September 2019.
The Tor Browser malware has been distributed for Windows; however, it remains uncertain whether it has been applied to macOS, Linux, or mobile versions.
Earlier this month, ESET reported on a banking trojan, dubbed “Casbaneiro” or “Metamorfo,” targeting Brazil- and Mexico-based banks and crypto services.