Hackers Steal Bitcoin from DarkNet Market Buyers via Fake Tor Browser, ESET Team Reports

Fri, 10/18/2019 - 12:59
Yuri Molchan
The ESET research team discovers malware inside a Tor Browser version that fishes Bitcoin out of darknet shoppers

Hackers have long used Bitcoin-stealing malware and hidden-mining malware, improving it every year to evade the countermeasures of IT security companies. Bitcoin and privacy-focused coins have long been used for shopping on the darknet.

Recently, Bloomberg wrote that a large child porn website, which accepted Bitcoin, was shut down by South Korean authorities.

Now the ESET research team has found that hackers have been stealing Bitcoin from Russian-language users who make purchases on the darkweb.


How the hackers’ scheme works

Two websites show visitors a message saying that their version of Tor Browser is out of date and offer to install a new one, with all the necessary updates included.

Users are then redirected to a page for downloading a Windows version of the supposedly updated Tor Browser. The ESET team says that this malicious version of the well-known anonymity browser is offered only to Windows users.

When victims top up their Bitcoin wallets via cash terminals or their online wallets, the trojanized Tor Browser replaces their wallet addresses with the hackers' BTC addresses.


How much BTC has been stolen

So far, the amount of stolen BTC totals a little over $40,000 (slightly under 4 BTC). However, the ESET team warns that the actual amount of BTC is likely to be much higher.

The report of the ESET team says:

“This trojanized Tor Browser is a non-typical form of malware, designed to steal digital currency from visitors to darknet markets. Criminals didn’t modify binary components of the Tor Browser; instead, they introduced changes to settings and the HTTPS Everywhere extension. This has allowed them to steal digital money, unnoticed, for years.”
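The quote above says the binaries were left untouched and only settings and the HTTPS Everywhere extension were changed, so an integrity check limited to executables would pass. The following Python example is added here and is not from ESET or the original article: it hashes every file of an install and compares it with a manifest built from a reference copy. The directory layout, file names and contents are constructed stand-ins, and the reference copy is assumed to have been obtained and verified independently.

```python
import hashlib
import os
import tempfile

BINARY_EXTS = {".exe", ".dll"}  # what a binaries-only integrity check would cover

def build_manifest(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def diff_install(reference, installed, binaries_only=False):
    """Compare two manifests; return sorted (status, path) findings."""
    findings = []
    for path in sorted(set(reference) | set(installed)):
        if binaries_only and os.path.splitext(path)[1].lower() not in BINARY_EXTS:
            continue
        if path not in installed:
            findings.append(("missing", path))
        elif path not in reference:
            findings.append(("added", path))
        elif reference[path] != installed[path]:
            findings.append(("modified", path))
    return findings

def _write_tree(root, files):
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed trees: identical binary, altered settings and extension."""
    clean = {"Browser/firefox.exe": b"binary", "Browser/settings/prefs.js": b"original settings",
             "Browser/extensions/https-everywhere.xpi": b"original extension"}
    tampered = dict(clean, **{"Browser/settings/prefs.js": b"altered settings",
                              "Browser/extensions/https-everywhere.xpi": b"altered extension"})
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as inst:
        _write_tree(ref, clean)
        _write_tree(inst, tampered)
        r, i = build_manifest(ref), build_manifest(inst)
        return diff_install(r, i, binaries_only=True), diff_install(r, i)
```

The binaries-only comparison reports nothing for the constructed trees, while the full comparison flags the settings file and the extension as modified.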



About the author

Yuri is a journalist interested in technology and technical innovations. He has been in crypto since 2017. Believes that blockchain and cryptocurrencies have a potential to transform the world in the future. ‘Hodls’ cryptocurrencies. Has written for several crypto media. Currently is a news writer at U.Today, can be contacted at yuri.molchan@u.today.
