Threat actors have launched global attacks leveraging malicious Tor browser installers to facilitate the distribution of a clipboard-hijacking malware aimed at exfiltrating cryptocurrency assets, reports BleepingComputer.
Most of the trojanized Tor installers have targeted Russia and Eastern Europe, but attacks were also observed in the U.S., France, Germany, China, the Netherlands, and the U.K., according to a Kaspersky report.
Researchers found that the malware monitors the clipboard for crypto wallet addresses and replaces any detected address with one belonging to the attackers. Nearly $400,000 worth of cryptocurrency has been stolen in the attacks, which were found to be part of a single campaign.
Users have been urged to download software only from the Tor Project website to avoid clipboard hijackers.
Meanwhile, users can check for a possible infection by pasting the address "bc1heymalwarehowaboutyoureplacethisaddress" into Notepad; a replaced address indicates system compromise.