Hackers have long used Bitcoin-stealing malware and hidden-mining malware, refining it every year to evade the countermeasures of IT security companies. Bitcoin and privacy-focused coins have long been used for shopping on the darknet.
Recently, Bloomberg wrote that a large child porn website, which accepted Bitcoin, was shut down by South Korean authorities.
Now, however, the ESET research team has found that hackers have been stealing Bitcoin from Russian-language users who make purchases on the darkweb.
How the hackers’ scheme works
Two websites show visitors a message saying that their version of Tor Browser is out of date and offer to install a new one, with all the necessary updates included.
Users are then redirected to a page for downloading a Windows version of the updated Tor Browser. The ESET team claims that this malicious version of the famous VPN browser is offered only to Windows users.
When future victims start topping up their Bitcoin wallets via cash terminals or their online wallets, the trojanized Tor Browser changes their addresses to the hackers' BTC addresses.
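The address substitution described above can be checked for by comparing the Bitcoin addresses in a copy of a payment page obtained through a trusted client with those the suspect browser renders. The following is an added example, not code from ESET or from the original article; the function names, the sample HTML and both addresses are constructed for illustration, and only legacy Base58Check addresses are handled.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (Base58Check) address shape; bech32 "bc1..." addresses are out of scope here.
CANDIDATE = re.compile(r"(?<![0-9A-Za-z])[13][1-9A-HJ-NP-Za-km-z]{25,34}(?![0-9A-Za-z])")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode(version, hash160):
    """Base58Check-encode version byte + 20-byte hash (only used to build sample data)."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_valid(addr):
    """True if addr decodes to 25 bytes ending in the correct 4-byte checksum."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + body
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def addresses(html):
    """Checksum-valid addresses in a page capture (filters out random look-alikes)."""
    return {a for a in CANDIDATE.findall(html) if is_valid(a)}

def compare(reference_html, observed_html):
    """Diff the address sets of a trusted capture and the suspect browser's rendering."""
    ref, obs = addresses(reference_html), addresses(observed_html)
    return {"missing": sorted(ref - obs), "unexpected": sorted(obs - ref)}

# Constructed sample data: both addresses are built from made-up hash bytes.
MERCHANT = encode(0x00, bytes(range(1, 21)))
SWAPPED = encode(0x00, bytes(range(21, 41)))
REFERENCE = f"<p>Send payment to <code>{MERCHANT}</code></p>"
OBSERVED = f"<p>Send payment to <code>{SWAPPED}</code></p>"

if __name__ == "__main__":
    print(compare(REFERENCE, OBSERVED))
```

A non-empty "unexpected" list means the suspect browser displayed an address that the trusted capture of the same page did not contain.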
How much BTC has been stolen
So far, the amount of stolen BTC totals a little over $40,000 (slightly under 4 BTC). However, the ESET team warns that the actual amount of BTC is likely to be much higher.
The report of the ESET team says:
“This trojanized Tor Browser is a non-typical form of malware, designed to steal digital currency from visitors to darknet markets. Criminals didn’t modify binary components of the Tor Browser; instead, they introduced changes to settings and the HTTPS Everywhere extension. This has allowed them to steal digital money, unnoticed, for years.”
Do you believe that darkweb users deserve to lose their Bitcoin to hackers? Share your opinion in the comments section below!