3 Apr. (Portaltic/EP) –
A cryptocurrency theft campaign based on a new Clipper malware has stolen at least 400,000 dollars (about 367,000 euros) so far in 2023, affecting 15,000 users from 52 different countries through a fake Tor Browser.
Clipper-type malware attacks are an evolution of a technique that banking Trojans originally used to replace account numbers. Now, with the rise of cryptocurrencies, the ‘malware’ has evolved and works by checking whether the victim’s clipboard contains cryptocurrency wallet addresses. If it does, Clipper swaps them for others owned by the cybercriminals.
This evolution involves the use of Tor Browser (The Onion Router), which users employ to access the deep web and carry out their cryptocurrency transactions in a private environment. This is because it isolates the websites that are visited, avoiding tracking by third-party trackers and advertising. Tor also automatically deletes cookies and browsing history.
As reported by experts at the cybersecurity company Kaspersky, who discovered this theft campaign, the malicious actors used a fake Tor browser to introduce the Clipper malware and steal the money from the transactions by sending it to their own account.
Thus, when affected users tried to install Tor Browser, they unknowingly downloaded, from a fake site, a password-protected RAR file, used so that security solutions could not detect the ‘malware’. Once downloaded, the file containing Clipper registered itself to run automatically at startup and was disguised with the icon of a “popularly used” application such as uTorrent.
In this way, the ‘malware’ was launched, ensuring that cryptocurrency payments were made to the cybercriminal and not to the user who should really have received the amount.
Specifically, Kaspersky has identified more than 15,000 attacks using this method in cryptocurrency transactions, among them Bitcoin, Ethereum, Litecoin, Dogecoin and Monero.
In addition, according to the company’s security systems, these attacks have been registered in at least 52 countries around the world. Most cases have been detected in Russia, where Tor is officially blocked and users have to download it from third-party websites. It is followed by the United States, Germany, Uzbekistan, Belarus, China, the Netherlands, the UK and France.
In this campaign, as Kaspersky has identified, the losses recorded over the course of 2023 amount to at least 400,000 dollars (367,000 euros). Despite all this, the company also warns that the number of attacked users and Clipper infections “could be much higher”, since its investigation has focused only on the campaign involving the Tor browser.
As explained by Vitaly Kamluk, Head of the APAC Unit of the Kaspersky Global Research and Analysis Team, the attack through the fake version of Tor “involves a greater danger than you might think.” As he explained, this attack manages to execute “irreversible” monetary transfers and, furthermore, “it is very hard to spot.”
Another of the most dangerous characteristics of this ‘malware’, according to Kamluk, is its ability to stay installed “quietly for years”, hidden until it replaces the address of a crypto wallet.
TO PROTECT CRYPTOCURRENCIES
In light of this campaign of attacks, Kaspersky has reminded users that it is important to download ‘software’ only from official sources whenever possible, and to verify the identity of the site before downloading from it.
The cybersecurity company also recommends always keeping ‘software’ updated, since in this way the user ensures that the operating system, the browser and other programs always have the latest patches and updates.
Likewise, users should be cautious with downloaded attachments, as well as with links received by mail. In this regard, Kaspersky reiterates that you should not download files from unknown sources or click on any suspicious links, since they may contain ‘malware’. It also points out the importance of using trusted security solutions.