New clipper malware steals $400,000 in cryptocurrencies via fake Tor Browser

CYBERCRIME

Kaspersky researchers have discovered an ongoing disruptive cryptocurrency theft campaign affecting more than 15,000 users across 52 countries. Distributed under the guise of Tor Browser, the malware operates by replacing a portion of the entered clipboard contents with the cybercriminal’s own wallet address once it detects a wallet address in the clipboard. It is estimated that – so far in 2023 – cybercriminals have been able to steal approximately US$400,000 using this malware.

While this technique has been around for more than a decade and was originally used by banking trojans to replace bank account numbers, with the rise of cryptocurrency, this new type of malware is now actively targeting crypto owners and traders.

One recent malware development involves the use of Tor Browser, a tool used to access the deeper web. The target user downloads a trojanized version of the Tor Browser from a third-party resource containing a password protected RAR archive. The purpose of the password is to prevent detection by security solutions. Once the file is dropped inside the user’s system, it registers itself in the system’s auto-start and is masqueraded with an icon of a popular application, such as uTorrent.

Kaspersky technologies have detected more than 15,000 attacks using clipboard injector malware targeting cryptocurrencies like Bitcoin, Ethereum, Litecoin, Dogecoin, and Monero. These attacks have spread to at least 52 countries, with the majority of detections in Russia due to users downloading the infected Tor Browser from third-party websites as this browser is officially blocked in the country. The top 10 affected countries also include the United States, Germany, Uzbekistan, Belarus, China, the Netherlands, the United Kingdom, and France. This means the actual number of infections may be much higher than reported.

Based on the analysis of existing samples, the estimated loss for users is at least US$400,000, but the actual amount stolen could be much greater, as this research focuses only on Tor Browser abuse. Other campaigns may use different software and malware delivery methods, as well as other types of wallets.

“Despite the fake Tor Browser attack’s fundamental simplicity, it poses a greater danger than it seems. Not only does it create irreversible money transfers, but it is also passive and hard to detect for a regular user. Most malware requires a communication channel between the malware operator and the victim’s system. On the contrary, clipboard injectors can remain silent for years, with no network activity or other signs of presence until the day they replace a crypto wallet address,” comments Vitaly Kamluk, Head of APAC Unit, Global Research & Analysis Team.

Learn more about the new Clipper malware on Securelist.com.

To keep cryptocurrency safe, Kaspersky experts also advise users:

Only download software from trusted sources: avoid downloading software from third-party websites, and use official sources whenever possible. Always verify the authenticity of the software before downloading it.
Keep your software updated: Ensure your operating system, browser, and other software are up-to-date with the latest security patches and updates. This helps to prevent known vulnerabilities from being exploited.
Use security solutions: a reliable security solution will protect your devices from various types of threats. Kaspersky Premium prevents all known and unknown cryptocurrency malware.
Be cautious with email links and attachments: Do not click on links or download attachments from suspicious or unknown sources, as these may contain malware.
Check for digital signatures: Before downloading any software, check for digital signatures to ensure that the software is authentic and has not been tampered with.

-Ends-

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at https://me-en.kaspersky.com/.

Media Relations:
Amine Mneimne
amneimne@golin-mena.com
Golin MENA, Dubai

New clipper malware steals $400,000 in cryptocurrencies via fake Tor Browser

DISCOVER MORE

Espace Real Estate’s Q1 report analyses sales and rental figures across 30 popular Dubai residential communities

Mayo Clinic research finds a connection between Social Network Index score and AI-determined biological age

Nutanix study finds AI, security, and sustainability are driving the need for IT infrastructure modernization in healthcare

GCC countries must strengthen supply chains to safeguard industrial growth strategies - Oliver Wyman report

World Bank projects GCC growth rate to score 3.6% in 2024 and 3.8% in 2025

IATA and partners release Aviation Net Zero Roadmaps Comparative Review

GCC banks fortify their defences against email fraud

Unveiling trends: ITIDA highlights software development as most in-demand in Egypt's ICT job market

Albal Design launches UAE's first science based interior design concept

creator-focused SocialFi platform Lyvely gears up for $LVLY token launch

Changer, leading European club for high-net individuals, sets its sights on Dubai to foster innovations and angel investments

Emirates REIT achieves highest ever property income

Beltone Venture Capital signs partnership agreement with UAE-based investment group Citadel International Holdings

UK police lead global operation against phishing website platform

Financial sector lost $12bln in 20 years due to cyberattacks: IMF

Cybercrime cases continue to rise, up 21.84% in Q1 in Philippines

UAE residents urged to stay vigilant amid cyber threats; tips to spot phishing emails

Russian official says election video surveillance systems in Siberia hit by cyberattack - TASS

LATEST VIDEO

VIDEO: Shipping freight rates may rise amid rising tensions between Iran, Israel

ZAWYA COVERAGE

Emirates Islamic concludes debut $500 million financing facility

Binance gets full Dubai licence following CZ exit - Bloomberg

Investment banking fees generated in MENA reached $295.1mln in Q1 2024

Saudi Tadawul launches single stock contracts on Maaden stock

Pilot of first solar flight plans first hydrogen flight from Abu Dhabi

Air Arabia resumes scheduled operations

Egypt expects 4% economic growth in FY2024/25

Egypt: Cabinet ratifies draft on establishing private free zone in Safaga

IMF tells Asian central banks not to follow Fed too closely

THE BRI REPORT

China’s flagship global infrastructure initiative is changing in the face of potent headwinds