Recently, the ESET research team discovered malware inside a version of the Tor Browser that steals Bitcoin from darknet shoppers. Hackers have been using Bitcoin-stealing malware, as well as hidden mining malware, for a very long time. While using it to extort Bitcoin from online traders, they have been improving it on a yearly basis against the countermeasures of IT security companies. Bitcoin and privacy-focused coins have long been embraced and actively used for shopping on the darknet.
Also recently, Bloomberg wrote that a popular child porn website, which accepted Bitcoin as a means of settling its financial transactions, was shut down by South Korean authorities. This is just one among the many Bitcoin transactions carried out on the darknet on a daily basis. However, the ESET research team found that hackers have been stealing Bitcoin from users who make purchases on the darknet.
How much Bitcoin (BTC) has been stolen?
At the time of writing, the amount of Bitcoin that has been stolen is slightly over $40,000 (slightly below 4 BTC). However, the ESET research team warns that the amount of stolen Bitcoin may actually be higher than these figures show. The report of the ESET research team says: “This trojanized Tor Browser is a non-typical form of malware, designed to steal digital currency from visitors to darknet markets. Criminals didn’t modify binary components of the Tor Browser; instead, they introduced changes to settings and the HTTPS Everywhere extension. This has allowed them to steal digital money, unnoticed, for years.”
How does the hacker’s scheme work?
Two websites show visitors a message saying that they have an old version of the Tor browser. The message offers an option to install a new one that includes all the necessary updates. The users are then redirected to a page for downloading a Windows version of the updated Tor browser. Note that the ESET research team says this malware-laden version of the browser is offered only to Windows users. When victims later top up their Bitcoin wallets via cash terminals, the trojanized Tor browser automatically changes their addresses to that of the hacker.