
Let’s say you live in Russia and want to use the Tor browser to anonymize your web browsing.
There is a problem. Many people in Russia find their access to the official Tor website blocked by their ISP.
So what do you do?
Well, you can try to find places other than the official Tor website to download Tor.
But can you trust versions of Tor downloaded from torrents or third-party sites?
Probably not, according to a report by Russian antivirus company Kaspersky.
Kaspersky researchers say they've seen malware distributed as a copy of Tor that stole about US$400,000 worth of cryptocurrency from about 16,000 users worldwide.
According to the researchers, the booby-trapped installer bundles Tor with a selection of regional language packs, including Russian.

Once installed, the malware snoops the Windows Clipboard.
When it finds what appears to be a cryptocurrency wallet address on the clipboard, it replaces it with an address controlled by the attacker.
In short, you may think you are transferring cryptocurrency to your wallet, but it actually ends up in the hands of cybercriminals.
Ah.
I was amused to see Kaspersky’s team suggest a simple way to check if a system has been compromised.
Type or copy the following “Bitcoin Address” into Notepad.
bc1heymalwarehowaboutyoureplacethisaddress

Now press Ctrl+C and Ctrl+V. If the address changes to something else — your system may be compromised by clipboard injector type malware and is dangerous to use.

I wouldn’t rely solely on that test to determine if my computer was compromised by clipboard-inserting malware, but it would be interesting to try.
When in doubt, it’s probably safest to always assume that your computer has been compromised.
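The copy-and-paste check described above can be scripted so the clipboard is watched for several seconds rather than read back once. The PowerShell function below is an added example, not code from Kaspersky or from the original article; the function name, watch window and polling interval are assumptions, and the canary string is the one quoted above.

```powershell
# Added example: automates the copy/paste canary check on Windows.
# Uses the built-in Get-Clipboard / Set-Clipboard cmdlets (Windows PowerShell 5.x or PowerShell 7).
# Do not copy anything else while it runs, or the result will be a false positive.

function Test-ClipboardCanary {    # hypothetical name chosen for this example
    param(
        # Canary string quoted in the article; it only resembles a wallet address.
        [string]$Canary = 'bc1heymalwarehowaboutyoureplacethisaddress',
        [int]$Seconds = 10,        # watch window (assumed value)
        [int]$IntervalMs = 250     # polling interval (assumed value)
    )

    # Remember the current clipboard text so it can be restored afterwards.
    $saved = Get-Clipboard -Raw

    Set-Clipboard -Value $Canary
    $deadline = (Get-Date).AddSeconds($Seconds)
    $observed = $Canary

    try {
        while ((Get-Date) -lt $deadline) {
            Start-Sleep -Milliseconds $IntervalMs
            # Cast to string so an emptied clipboard ($null) compares cleanly.
            $observed = ([string](Get-Clipboard -Raw)).Trim()
            if ($observed -cne $Canary) { break }   # case-sensitive comparison
        }
    }
    finally {
        # Put the user's original clipboard text back, if there was any.
        if ($saved) { Set-Clipboard -Value $saved }
    }

    [pscustomobject]@{
        Canary   = $Canary
        Observed = $observed
        Changed  = ($observed -cne $Canary)
    }
}

$result = Test-ClipboardCanary
if ($result.Changed) {
    Write-Warning "Clipboard changed from the canary to: $($result.Observed)"
} else {
    Write-Output 'Clipboard unchanged during the watch window.'
}
```

An unchanged clipboard only shows that nothing rewrote this particular string during the watch window.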