Attackers have already stolen $400,000 in cryptocurrencies.
Unknown hackers launched a malware campaign that targeted more than 15,000 users in 52 countries and resulted in the theft of over $400,000, according to Kaspersky Lab security researchers. The attackers used a trojanized version of the Tor Browser to access users’ devices and steal their funds.
Security experts say that cybercriminals are using clipboard injector malware to spoof data on the clipboard. This type of software has existed for over ten years and is actively used by hackers to spoof bank card data. The current clipboard injector malware campaign focuses on cryptocurrencies and spoofs the user’s cryptocurrency wallet address.
Russia is under attack
The malware is hidden in an infected Tor Browser – software used to access the deep web. A successful attack requires the victim to download the RAR archive with the trojanized Tor, which is password-protected, helping it bypass security solutions.
After installation, the malware disguises itself as icons of popular apps and registers in the system autorun. Then the clipboard injector can wait for a long time until the cryptocurrency wallet address appears in the clipboard.
The attack has already affected over 15,000 users in 52 countries, with the largest number of cases of infection registered in Russia due to the ban on the Tor Browser in this country. Users who were unable to download the software from the official site downloaded it from third-party resources containing infected browsers. A large number of victims in the US, Ukraine, Germany, China, Belarus, and Uzbekistan have also been reported.