It's undeniable that threat actors are creative when it comes to scamming others and benefiting from the outcome. While some try to do it through phishing campaigns, others create fake versions of apps or browsers that will infect devices, and Tor is no exception.
Fake Tor Browser
Researchers have found fake versions of Tor that are capable of stealing cryptocurrency from victims' computers. So far, the hackers have managed to steal around $400,000 worth of tokens from those who downloaded the fake browsers.
One of the fake versions comes as a RAR archive that requires a password before it can be extracted. It can scan the Windows clipboard for cryptocurrency wallet addresses and replace them with one that the hacker controls, according to Tech Radar.
Once the malware does its work, the unsuspecting victim may paste the attacker's address and send funds there instead. Since crypto wallet addresses are a mix of random letters and numbers, it's likely that they won't even notice that it's different.
The total of approximately $400,000 comes from around 16,000 users in 2023 alone. Reports say that most of the stolen digital assets were Bitcoin with $380,000, Litecoin with $10,000, Ethereum with $4,800, and Dogecoin with $517.
The fake browser that contains the malware has spread to 52 countries, with most of the victims in Russia. This could be because Tor was banned and censored in the country, and Russians are looking for alternatives, leading them to the fake download.
It would be hard to determine which links lead to the fake Tor browser download, but as advised by cybersecurity researchers from Kaspersky, users should watch out for installers that can be found in third-party stores or websites.
How to Prevent the Attacks?
The malware carried by the fake Tor browsers is a Trojan. Trojans are usually executed when the user themselves runs the program that contains the malware. There are various ways you can protect yourself from such an attack.
For one, always keep your software up to date. The company behind the software usually updates it with fixes and patches for more current cyberattack methods, which can help protect you from any malware you might've accidentally downloaded.
You may also install antivirus software or a Trojan remover for an extra layer of security. These will scan your computer to make sure that you can execute a file safely. You will still need to be careful about which antivirus you download.
As mentioned on Kaspersky's website, some of the free Trojan removers online are not as updated as they should be and may not be able to protect your computer, and some are even Trojan malware themselves.
If you really want to be secure when it comes to your crypto wallet address, the best method is to simply write it down on paper and keep it secure. That way, you can make sure that no threat actor can access it through your computer.