Clipboard-injecting Malware Disguises Itself As Tor Browser And Steals Cryptocurrency
Suppose you live in Russia and want to use the Tor Browser to browse the internet anonymously. There is a problem: many Russians find that their ISP has restricted access to the Tor website. What do you do then?
You could attempt to download Tor from a location other than the official Tor website. But is the Tor version you downloaded from a torrent or unofficial website reliable? Perhaps not, says a report from Russian antivirus company Kaspersky.
According to Kaspersky researchers, malware distributed as copies of Tor has stolen almost US $400,000 in cryptocurrencies from almost 16,000 people worldwide. The researchers say the boobytrapped installers offer Russian among a variety of regional language packs for Tor.

Once installed, the malware snoops on your Windows clipboard.
If it discovers what it thinks to be an address for a cryptocurrency wallet in your clipboard, it replaces it with an attacker-controlled address.
The end result is that even though you may think you’re sending cryptocurrency to your own wallet, you’re giving it to a cybercriminal.
Ouch. I found it amusing when the Kaspersky team offered this straightforward advice for determining whether your machine has been compromised:
Type or copy the following “Bitcoin address” in Notepad:
bc1heymalwarehowaboutyoureplacethisaddress
Now press Ctrl+C and Ctrl+V. If the address changes to something else — the system is likely compromised by a clipboard-injector type of malware, and is dangerous to use.

I don’t think I’d rely on that test alone to tell if my computer was compromised by the clipboard-injecting malware, but it’s an interesting thing to try.
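The copy-and-paste check above, written out as an added example (not code from Kaspersky or from this post): it compares the copied and pasted strings, and shows that the test string only has the shape of a Bitcoin address and fails the Bech32 checksum. The loose pattern `LOOSE_BTC` and the function names are assumptions for illustration; the post does not say how the malware recognises an address.

```python
import re

# Bech32 alphabet (BIP-173); it contains no '1', 'b', 'i' or 'o'.
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
# Assumption: a shape-only match (prefix and length), no checksum verification.
LOOSE_BTC = re.compile(r"^(bc1[a-z0-9]{20,80}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$")
CANARY = "bc1heymalwarehowaboutyoureplacethisaddress"  # test string quoted in the post


def polymod(values):
    """Checksum polynomial defined in BIP-173."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def has_valid_checksum(addr):
    """True only if addr is a 'bc1...' string with a valid Bech32/Bech32m checksum."""
    if addr not in (addr.lower(), addr.upper()):
        return False  # mixed case is not allowed
    hrp, _, data = addr.lower().rpartition("1")
    if hrp != "bc" or len(data) < 6 or any(c not in BECH32_CHARSET for c in data):
        return False
    values = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    values += [BECH32_CHARSET.index(c) for c in data]
    return polymod(values) in (1, 0x2BC830A3)  # Bech32, Bech32m constants


def check_paste(copied, pasted):
    """Compare the string that was copied with what the clipboard returned."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "unchanged"
    if LOOSE_BTC.match(copied) and LOOSE_BTC.match(pasted):
        return "address-swapped"  # one address-shaped string replaced by another
    return "changed"
```

An "unchanged" result only means nothing was swapped for this one string, which is consistent with not relying on the test alone.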
If you’re in any doubt, it’s perhaps safest to always assume your computer is compromised.