{"id":76439,"date":"2023-03-30T11:05:34","date_gmt":"2023-03-30T08:05:34","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=76439"},"modified":"2025-09-10T17:25:34","modified_gmt":"2025-09-10T14:25:34","slug":"hackers-stole-bitcoins-in-52-countries-via-a-fake-tor-browser","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-stole-bitcoins-in-52-countries-via-a-fake-tor-browser\/","title":{"rendered":"Hackers stole bitcoins in 52 countries via a fake Tor browser"},"content":{"rendered":"

Malicious actors are distributing the CryptoClipper Trojan disguised as the Tor browser on third-party websites. This was \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438<\/a> experts at Kaspersky Lab.<\/p>\n

Once it infects a victim’s system, the clipper registers itself in startup under the guise of a popular application, such as uTorrent.<\/p>\n

\"tor-diagram1\"
Data: ‘Kaspersky Lab’.<\/figcaption><\/figure>\n

When it detects a cryptocurrency address in the clipboard, it automatically replaces it with one of the attacker\\’s wallets. The clipper is capable of substitutions in the networks of Bitcoin, Ethereum, Litecoin, Dogecoin and Monero.<\/p>\n

The campaign has already affected more than 15,000 users in 52 countries. The highest number of attacks has been recorded in Russia, where the Tor browser has been blocked since the end of 2021<\/a>. Rounding out the top ten countries by victims are the United States, Germany, Uzbekistan, Belarus, China, the Netherlands, the United Kingdom and France.<\/p>\n

Experts estimate that in 2023, using the malware, more than $400,000 in cryptocurrency was stolen.<\/p>\n

Earlier, ESET Research researchers uncovered Trojan\u2011like variants of Telegram and WhatsApp for Android and Windows, aimed at stealing cryptocurrency and able to recognise seed phrases from screenshots<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Malicious actors are distributing the CryptoClipper trojan disguised as the Tor browser on third-party websites.<\/p>\n","protected":false},"author":1,"featured_media":26216,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1553,49],"class_list":["post-76439","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-kaspersky-lab","tag-tor"],"aioseo_notices":[],"amp_enabled":true,"views":"23","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/76439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=76439"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/76439\/revisions"}],"predecessor-version":[{"id":76440,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/76439\/revisions\/76440"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/26216"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=76439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=76439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=76439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}