ESET experts have uncovered a new malicious campaign aimed at Russian-speaking users of the World Wide Web.
Cybercriminals have been spreading the infected Tor browser for several years, using it to spy on victims and steal their bitcoins. The infected web browser was distributed through various forums under the guise of the official Russian version of Tor Browser.
The malware allows attackers to see which sites the victim is currently visiting. Theoretically, they can also change the content of the visited page, intercept the input data and show fake messages on the sites.
βThe criminals did not change the browser binaries. Instead, they made changes to the settings and extensions, so ordinary users might not notice the difference between the original and infected versions,β ESET experts say.
The attack scheme also involves changing the address of wallets of the QIWI payment system. The malicious version of Tor automatically replaces the original bitcoin wallet address with the address of the criminals when the victim tries to pay for a purchase with bitcoins.
The damage from actions of malefactors has made at least 2,5 million rubles. The actual size of the theft of funds can be much higher.
Source: 3dnews.ru