Clipboard-injecting malware disguises itself as Tor browser, steals cryptocurrency • Graham Cluley


Clipboard-injecting malware disguises itself as Tor browser, steals cryptocurrency

Think about you reside in Russia and wish to use the Tor browser to anonymise your shopping of the online.

There’s an issue. Many individuals in Russia discover their entry to the official Tor web site is blocked by their ISP.

So, what do you do?

Nicely, you may attempt to discover someplace aside from the official Tor web site to obtain Tor from.

However is the model of Tor you downloaded from a torrent or third-party website reliable?

In accordance with a report from Russian anti-virus outfit Kaspersky, maybe not.

EmailSignal as much as our publication
Safety information, recommendation, and ideas.

Kaspersky boffins say that they’ve seen malware distributed as copies of Tor, which has stolen roughly US $400,000 price of cryptocurrency from virtually 16,000 customers worldwide.

In accordance with the researchers, boobytrapped installers supply Tor with a number of regional language packs, together with Russian.

Tor installer malware
Tor installer malware. Supply: Kaspersky

As soon as put in, the malware snoops in your Home windows clipboard.

If it sees in your clipboard what it believes to be an tackle for a cryptocurrency pockets, it replaces it with an tackle controller by the attacker.

The upshot is that you simply may suppose you’re shifting cryptocurrency into your individual pockets, however in reality you’re placing it into the arms of a cybercriminal.


I used to be amused to see the workforce at Kaspersky recommend a merely methodology to verify whether or not you system was compromised:

Kind or copy the next “Bitcoin tackle” in Notepad: bc1heymalwarehowaboutyoureplacethisaddress

Now press Ctrl+C and Ctrl+V. If the tackle adjustments to one thing else — the system is probably going compromised by a clipboard-injector sort of malware, and is harmful to make use of.

Clipboard injection
Malware altering the pockets tackle by way of clipboard injection. Supply: Kaspersky

I don’t suppose I’d depend on that check alone to inform if my laptop was compromised by the clipboard-injecting malware, but it surely’s an attention-grabbing factor to strive.

If you happen to’re in any doubt, it’s maybe most secure to all the time assume your laptop is compromised.

Discovered this text attention-grabbing? Comply with Graham Cluley on Twitter or Mastodon to learn extra of the unique content material we put up.

Graham Cluley is a veteran of the anti-virus trade having labored for a variety of safety firms because the early Nineteen Nineties when he wrote the primary ever model of Dr Solomon’s Anti-Virus Toolkit for Home windows. Now an unbiased safety analyst, he recurrently makes media appearances and is an worldwide public speaker on the subject of laptop safety, hackers, and on-line privateness.
Comply with him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an e-mail.