Clipboard-injecting malware disguises itself as Tor browser, steals cryptocurrency • Graham Cluley

Think about you reside in Russia and need to use the Tor browser to anonymise your searching of the net.

There’s an issue. Many individuals in Russia discover their entry to the official Tor web site is blocked by their ISP.

So, what do you do?

Effectively, you may attempt to discover someplace apart from the official Tor website to obtain Tor from.

However is the model of Tor you downloaded from a torrent or third-party web site reliable?

In keeping with a report from Russian anti-virus outfit Kaspersky, maybe not.

Sign up to our newsletter
Security news, advice, and tips.

Kaspersky boffins say that they’ve seen malware distributed as copies of Tor, which has stolen roughly US $400,000 value of cryptocurrency from virtually 16,000 customers worldwide.

In keeping with the researchers, boobytrapped installers provide Tor with a collection of regional language packs, together with Russian.

Tor installer malware. Supply: Kaspersky

As soon as put in, the malware snoops in your Home windows clipboard.

If it sees in your clipboard what it believes to be an handle for a cryptocurrency pockets, it replaces it with an handle controller by the attacker.

The upshot is that you just may suppose you might be shifting cryptocurrency into your personal pockets, however in actual fact you’re placing it into the arms of a cybercriminal.

Ouch.

I used to be amused to see the staff at Kaspersky counsel a merely technique to verify whether or not you system was compromised:

Sort or copy the next “Bitcoin handle” in Notepad: bc1heymalwarehowaboutyoureplacethisaddress

Now press Ctrl+C and Ctrl+V. If the handle adjustments to one thing else — the system is probably going compromised by a clipboard-injector kind of malware, and is harmful to make use of.

Clipboard injection — Malware altering the pockets handle by means of clipboard injection. Supply: Kaspersky

I don’t suppose I’d depend on that check alone to inform if my laptop was compromised by the clipboard-injecting malware, nevertheless it’s an fascinating factor to strive.

If you happen to’re in any doubt, it’s maybe most secure to all the time assume your laptop is compromised.

Discovered this text fascinating? Follow Graham Cluley on Twitter or Mastodon to learn extra of the unique content material we submit.

Graham Cluley is a veteran of the anti-virus trade having labored for a lot of safety firms for the reason that early Nineties when he wrote the primary ever model of Dr Solomon’s Anti-Virus Toolkit for Home windows. Now an unbiased safety analyst, he often makes media appearances and is an international public speaker on the subject of laptop safety, hackers, and on-line privateness.
Observe him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.