Researchers at Kaspersky have discovered an ongoing cryptocurrency theft campaign that has affected over 15,000 users across 52 countries. The malware disguises itself as Tor Browser and operates by replacing a part of the clipboard contents with the cybercriminal’s wallet address whenever it detects a cryptocurrency wallet address in the clipboard. Cybercriminals have been able to steal approximately US$400,000 using this technique in 2023 so far. The malware campaign is actively targeting cryptocurrency owners and traders, using Trojans to replace bank account numbers, with Tor Browser being a recent development. Kaspersky detected over 15,000 attacks using clipboard injector malware targeting cryptocurrencies like Bitcoin, Ethereum, Litecoin, Dogecoin, and Monero. The malware was detected in at least 52 countries worldwide, with the majority of detections in Russia due to users downloading the infected Tor Browser from third-party websites as this browser is officially blocked in the country. The actual number of infections may be much higher than reported. The estimated loss for users is at least US$400,000, but the actual amount stolen could be much greater.
To keep cryptocurrency safe, Kaspersky recommends the following:
- Only download software from trusted sources: Avoid downloading software from third-party websites and use official sources whenever possible. Always verify the authenticity of the software before downloading it.
- Keep your software updated: Ensure your operating system, browser, and other software are up-to-date with the latest security patches and updates. This helps to prevent known vulnerabilities from being exploited.
- Use security solutions: a reliable security solution will protect your devices from various types of threats. Kaspersky Premium prevents all known and unknown cryptocurrency malware.
- Be cautious with email links and attachments: Do not click on links or download attachments from suspicious or unknown sources, as these may contain malware.
- Check for digital signatures: Before downloading any software, check for digital signatures to ensure that the software is authentic and has not been tampered with.
29 March 2023
