"Trojanized Tor Browser Installers Spreading Crypto-Stealing Clipper Malware"

Since September 2022, trojanized installers for the Tor anonymity browser have been used to target users in Russia and Eastern Europe with clipper malware aimed at stealing cryptocurrencies. According to researchers, clipboard injectors can remain silent for years, with no network activity or other indications of their presence, until the day they replace a cryptocurrency wallet address. Clipper malware is evasive because its malicious routines are not activated unless the clipboard data fulfills certain requirements. It is not immediately apparent how the installers are distributed. However, since the Tor Project's website has faced blockades in Russia in recent years, the use of torrent downloads or unknown third-party sources has increased. Regardless of the distribution method used, the installer simultaneously runs the legitimate executable and launches the clipper payload, which is designed to monitor the clipboard content. This article continues to discuss the spread of cryptocurrency-stealing malware via trojanized installers for the Tor anonymity browser.

THN reports "Trojanized Tor Browser Installers Spreading Crypto-Stealing Clipper Malware"

Submitted by Anonymous on