New Malware Steals $400,000 in Cryptocurrency Transactions

Kaspersky has detected more than 15,000 attacks against transactions with cryptocurrencies such as bitcoin, ethereum, litecoin, dogecoin, or monero.

By strategiaynegocios.net

Kaspersky experts have uncovered a cryptocurrency theft campaign, distributed through a fake Tor browser, that has affected 15,000 users in 52 countries. The malware exploits transactions so that payments are made to the cybercriminals, not the intended recipients.

Kaspersky estimates suggest that, so far in 2023, at least US$400,000 has been stolen. The technique has been around for over a decade and was originally used by banking trojans that substitute account numbers.

The clipper's evolution involves using the Tor browser, a tool used to access the Deep Web. Victims unknowingly download an infected version from a fake site; it comes in a password-protected RAR file so that security solutions cannot detect the malware. The malware then registers itself in autostart and disguises itself with the icon of a popular application, such as uTorrent.

Kaspersky security systems have detected more than 15,000 attacks using this method in transactions with cryptocurrencies such as bitcoin, ethereum, litecoin, dogecoin or monero. Most of the detected cases are from Russia, where Tor is officially blocked and users download it from third-party websites. Among the 10 most affected countries are the United States, Germany, Uzbekistan, Belarus, China, the Netherlands, the United Kingdom and France.

“Attacks via fake versions of the Tor browser are more dangerous than you might think. It executes money transfers that are irreversible and very difficult to detect. Most malware requires a channel of communication with the victim’s system,” explains Vitaly Kamluk, head of Kaspersky’s APAC Unit.

Roderick Gilbert