Hackers have used trojanised Tor installers to target users of the Onion protocol. The campaign preys on people who want to access the dark web through the Tor browser.
Researchers explained that the attackers advertised these fake installers as a more secure version of the legitimate Tor Project release. Moreover, these counterfeit installers have spread to countries that ban the Onion protocol and prevent users from accessing the dark web.
The trojanised Tor installers have already reached more than 50 countries.
A recent tally revealed that the trojanised Tor installers had infected victims in 52 countries since last year. In addition, the operation has already netted more than $400,000 worth of cryptocurrency.
The most affected victims were in Russia and Eastern Europe, although the United States, China, France, the United Kingdom, and Germany have also been hit by this campaign.
According to investigations, the threat operator used the Enigma packer v4.0 to protect its clipboard-injector malware. Moreover, the researchers believe the malware developers used a cracked version of the packer, since they have yet to find any licence information in it.
The malware then registers as a Windows clipboard viewer so that it is notified whenever the clipboard contents change. It scans the new text against a set of embedded regular expressions and replaces any match with a randomly selected address from a hardcoded list.
Despite its lack of sophistication, the attack poses a significant threat to many users, because the cryptocurrency transactions it redirects cannot be reversed.
Worse, clipboard injection is a passive, inconspicuous technique that is difficult to detect, which blunts the automated sandboxes that look for overt malicious activity.
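The behaviour described above (a copied address silently replaced by a different address of the same kind) is itself a detectable signal. The following defender-side heuristic is an added example written for this article, not code from the researchers or from the malware; it runs over a constructed timeline of clipboard snapshots and flags a swap that happens within a short window of the user's own copy:

```python
"""Clipboard-swap detector: flags a cryptocurrency address that is replaced by a
different address of the same coin family shortly after it was copied."""
import re
from dataclasses import dataclass

# Well-known address formats, used only to classify clipboard text (no checksum validation).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

@dataclass
class Alert:
    coin: str
    original: str
    replaced_with: str
    delay_ms: int

def classify(text: str):
    """Return the coin family the text looks like, or None if it is not an address."""
    text = text.strip()
    for coin, pat in ADDRESS_PATTERNS.items():
        if pat.match(text):
            return coin
    return None

def detect_clipboard_swaps(events, window_ms=2000):
    """events: list of (timestamp_ms, clipboard_text) snapshots, oldest first.
    A human rarely copies two different addresses of the same coin within a couple
    of seconds; a clipper overwrites the clipboard within milliseconds."""
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        coin_prev, coin_cur = classify(prev), classify(cur)
        if coin_prev is None or coin_prev != coin_cur:
            continue                      # not an address, or a different coin entirely
        if prev.strip() == cur.strip():
            continue                      # same address re-copied: benign
        if t_cur - t_prev <= window_ms:
            alerts.append(Alert(coin_prev, prev.strip(), cur.strip(), t_cur - t_prev))
    return alerts

# Constructed sample timeline (addresses are made-up strings that only match the regex).
SAMPLE_EVENTS = [
    (1000, "meeting notes"),
    (5000, "1UserCopiedThisAddrAAAAAAAAAAAAAAA"),   # user copies the intended BTC address
    (5040, "1AttackerSwappedAddrAAAAAAAAAAAAAA"),   # overwritten 40 ms later by the injector
    (9000, "0x" + "ab" * 20),                       # unrelated ETH address copied much later
]

if __name__ == "__main__":
    for a in detect_clipboard_swaps(SAMPLE_EVENTS):
        print(f"[!] {a.coin} address swapped after {a.delay_ms} ms: {a.original} -> {a.replaced_with}")
```

On a real host the snapshots would come from a clipboard-change notification; the same heuristic could also be run by a sandbox against a scripted copy of a known address.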
Cybersecurity experts warn users not to download or run Tor installers from third-party stores or unknown sources. Fortunately, advanced security solutions can readily detect these malicious installers, so users should deploy such a defence.
The cryptocurrency landscape has faced numerous threats over the past few years, and crypto heists have become increasingly common among threat actors. Cryptocurrency holders should therefore adopt security measures to thwart such activity.