Seeking online privacy is both easy and difficult in this day and age. It is almost impossible to do so without utilizing a third-party solution. For some, that solution is a VPN, whereas others use the Tor Browser. It now seems a malicious version of this browser is making the rounds, with the sole purpose of stealing Bitcoin balances.
The Success of the Tor Browser
It is evident that using the internet opens up consumers to all kinds of data harvesting, snooping, spam, and advertising. Not everyone wants to be part of those schemes, which often forces users to find alternatives. Using the Tor Browser has become very popular in this regard, primarily because it provides the tools and services users are actually looking for. It is also a free piece of software, which further contributes to its popularity.
One could argue the Tor Browser is primarily used to access the darknet. While that is one of its core functionalities, it is not the main purpose for most users. Some statistics indicate this project is used by over 2 million users on a rather regular basis. That number only represents those who connect directly to the network without going through a node first. As such, the actual user base is probably a lot larger.
The Fake Version
Not too many people would be surprised to learn that there are many different iterations of the Tor Browser. Every version that is not distributed by the official developers poses a potential security risk. One of the Russian versions of this browser contains at least one Trojan Horse, which is designed to steal users’ Bitcoin balances. Bitcoin is still the primary cryptocurrency used on the darknet, either for legitimate or illicit purposes.
Security researchers at ESET discovered the malicious version earlier this week. It appears the people responsible for this malicious version aim to target Russian darknet users first and foremost. More specifically, they want to affect users visiting the most popular darknet markets in Russia today. The software is gaining popularity because users are tricked into believing their version is outdated. Once users click on the link, they will download the version with the Trojan Horse automatically.
Not a Big Success Yet
Despite this widespread campaign in Russia, it appears the criminals behind this project haven’t seen much success just yet. Sources claim just under 4.8 Bitcoin has been stolen to date, although that number will undoubtedly increase in the weeks to come. The criminals also aim to steal from QIWI users. For those unaware, QIWI is a very popular Russian digital payment provider.