ESET Discovers a Trojanized Tor Browser that’s Made to Steal Bitcoin


As part of a new decisive tactic, hackers are utilizing a manipulated version of Tor Browser to eavesdrop on users and nab their Bitcoin. This fake browser consists of suspicious plugins that take down the computer system and allow hackers to gain access.

Researchers from ESET, a cyber-defense firm, unveiled the alarming threats of this malicious Tor Browser. According to them, online transactions carried out through this version has led to Bitcoin being lost to date. The infected Tor Browser automatically alters the address of the targeted Bitcoin wallet and directs them to the hacker’s account as the users deposit funds to their wallet or add payments on Dark Web Marketplaces.

Anton Cherepanov, ESET’s senior malware researcher conducted research had resulted in the identification of three Bitcoin wallets being used by the hackers since 2017.

According to Cherepanov, each of the three infected Bitcoin wallets is comprised of numerous small transactions. These transactions were used by the ESET’s research team to confirm the existence of trojanized Tor Browser.

During the completion of the research, the three wallets had already obtained 4.8 BTC or approximately 38,700 US dollars. But according to the cyber-defense firm, the robbed quantity would be much higher as the QIWI’s, a Russian Payments Service, is one of the targeted entities as well. Notably, Tor users who speak the Russian language are the primary victims of this cyber hacking campaign.

Tor is a network employed to maintain confidentiality and prevent unwanted surveillance. According to ESET, the cyber-hackers dispense the ill-natured Tor browser through and forums, targeting potential downloads from language-specific audiences. The main goal of the campaign is to dupe the targets without any signs of upcoming deceptions.

The entire process includes two reliable-looking websites. The first website shows a fake warning that the current version of their Tor browser runs outdated. Targets who get deceived and click on the “update” button are then directed to the second website that contains the installer of the counterfeited browser version.

Once the fake browser enters the computer system, the hackers get keen access to the users’ data on the web pages they visited. With this, they can easily collect information and change specific details, including the Bitcoin addresses, beyond the users’ knowledge.     


Please enter your comment!
Please enter your name here