Clipboard-injecting Malware Disguises Itself As Tor Browser And Steals Cryptocurrency

Suppose you live in Russia and want to use the Tor browser to browse the internet anonymously. There is a problem: many Russians find that their ISP has blocked access to the Tor website. What do you do then?

You could try downloading Tor from somewhere other than the official Tor website. But can you trust a copy of Tor downloaded from a torrent or an unofficial website? Perhaps not, says a report from Russian antivirus company Kaspersky.

According to Kaspersky researchers, malware distributed as copies of Tor has stolen almost US $400,000 in cryptocurrency from almost 16,000 people worldwide. The researchers say the booby-trapped installers offer Tor with a variety of regional language packs, Russian among them.

Tor installer malware. Source: Kaspersky

Once installed, the malware snoops on your Windows clipboard.

If it finds what it takes to be a cryptocurrency wallet address in your clipboard, it replaces it with an attacker-controlled address.

The end result is that even though you may think you’re putting cryptocurrency into your own wallet, you’re actually giving it to a cybercriminal.

Ouch. I found it amusing when the Kaspersky team offered this straightforward advice for determining whether your machine has been compromised:

Type or copy the following “Bitcoin address” in Notepad: bc1heymalwarehowaboutyoureplacethisaddress

Now press Ctrl+C and Ctrl+V. If the address changes to something else — the system is likely compromised by a clipboard-injector type of malware, and is dangerous to use.

Malware changing the wallet address through clipboard injection. Source: Kaspersky

I don’t think I’d rely on that test alone to tell if my computer was compromised by the clipboard-injecting malware, but it’s an interesting thing to try.
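
The copy-and-paste check quoted above can be scripted. The Python below is an added example, not code from Kaspersky or from this post; the function names, the tkinter clipboard backend and the polling interval are assumptions, and an empty result only means no substitution was seen while the check ran.

```python
import time

# Canary from the Kaspersky advice quoted above; it only resembles a Bitcoin address.
CANARIES = ["bc1heymalwarehowaboutyoureplacethisaddress"]

def check_clipboard(read, write, canaries=CANARIES, polls=5, delay=0.2):
    """Write each canary to the clipboard, poll it, and report substitutions.

    read/write are callables, so any clipboard backend (or a test double) fits.
    Returns a list of (canary, observed) pairs where the content changed.
    Copying something else by hand during the check causes a false positive.
    """
    original = read()
    findings = []
    try:
        for canary in canaries:
            write(canary)
            for _ in range(polls):      # assumption: a swap may lag the copy event
                time.sleep(delay)
                seen = read()
                if seen != canary:
                    findings.append((canary, seen))
                    break
    finally:
        write(original)                 # put the user's clipboard text back
    return findings

def tk_clipboard():
    """Return (read, write) backed by the OS clipboard via tkinter (stdlib)."""
    import tkinter                      # imported lazily: needs a desktop session
    root = tkinter.Tk()
    root.withdraw()
    def read():
        try:
            return root.clipboard_get()
        except tkinter.TclError:        # empty or non-text clipboard
            return ""
    def write(text):
        root.clipboard_clear()
        root.clipboard_append(text)
        root.update()                   # flush the change to the OS clipboard
    return read, write

if __name__ == "__main__":
    read, write = tk_clipboard()
    hits = check_clipboard(read, write)
    for canary, seen in hits:
        print(f"clipboard changed: wrote {canary!r}, read back {seen!r}")
    print("substitution observed" if hits else "no substitution observed")
```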

If you’re in any doubt, it’s perhaps safest to always assume your computer is compromised.
