Researchers have identified malware associated with an unofficial version of the Tor Browser. Evidence suggests that the covert software has been tricking users into sending Bitcoin to addresses under the control of scammers.
The Tor Browser is the most popular method used to access the dark web. Many visitors to the dark web use Bitcoin or other cryptocurrencies to buy illicit goods or services.
Has Tor Browser Been Stealing Your Bitcoin?
According to a report in Forbes, a trojanised version of the Tor Browser has been circulating unnoticed amongst Russian-speaking dark web users for years. The Tor Browser is used to access a hidden part of the internet known as the dark web. The compromised version is believed to have been used mostly with the three most popular Russian dark web markets, as well as a national money transfer service, QIWI.
The malware-infected software, downloaded in place of the official Tor Browser, allows those behind it to not only see which pages a user visits but also to change Bitcoin addresses on those pages. Given that the most common use of the Tor Browser software is to visit dark web markets, this could have been a very lucrative scam indeed.
Anton Cherepanov, a senior researcher at the internet security company ESET who was behind the discovery, commented on the newly discovered malware:
“In theory, they can change the content of the visited page, grab the data the victim fills in to forms and display fake messages, among other activities. However, we have seen only one particular functionality–changing the bitcoin and cryptocurrency wallets.”
The researcher continued, stating that it would be very difficult for non-technical users to tell the difference between the genuine Tor Browser and the one infected with malware.
So far, ESET researchers claim to have confirmed 4.8 Bitcoin (around $40,000 at the time of writing) stolen using the malware. These funds were found in three Bitcoin wallets. The researchers point to the large numbers of relatively small transactions as signs that these wallets were used as part of the scam. Although this is not a massive haul, the real profit generated could be far higher, as Cherepanov acknowledged:
“It should be noted that the real amount of stolen money is higher because the trojanized Tor Browser also alters QIWI wallets.”
Bitcoin has long been associated with dark net marketplaces. One of the incidents that first brought the cryptocurrency to mass attention was the law enforcement operation against the original dark web marketplace, Silk Road. However, as NewsBTC reported yesterday, authorities are getting increasingly savvy at catching those using Bitcoin for illicit purposes. Analysis of the Bitcoin blockchain actually helped to bring to justice hundreds involved in what has been described as the largest child pornography ring ever.