Let’s say you live in Russia and want to use the Tor browser to anonymize your web browsing.

There is a problem. Many people in Russia do not have access to Tor’s official website. It is blocked by their ISP.

So what do you do?

Well, you can try to find somewhere other than Tor’s official website to download Tor from.

But can you trust versions of Tor downloaded from torrents or third-party sites?

Maybe not, according to a report from Kaspersky, a Russian antivirus company.


Kaspersky’s researchers say they’ve seen malware distributed as a copy of Tor that stole about US$400,000 worth of cryptocurrency from about 16,000 users worldwide.

According to the researchers, the booby-trapped installer provides Tor with a selection of regional language packs, including Russian.

Tor installer malware. Source: Kaspersky

Once installed, the malware snoops on the Windows clipboard.

If it finds what appears to be a cryptocurrency wallet address on the clipboard, it replaces it with an address controlled by the attacker.

In short, you may think you are transferring cryptocurrency to your wallet, but it is actually going into the hands of cybercriminals.


I was amused to see Kaspersky’s team suggest a simple way to check if a system has been compromised.

Type or copy the following “Bitcoin address” into Notepad: bc1heymalwarehowaboutyoureplacethisaddress

Now press Ctrl+C and Ctrl+V. If the address changes to something else — your system may be compromised by clipboard injector type malware and is dangerous to use.

Malware that modifies wallet addresses via clipboard injection. Source: Kaspersky
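The copy-and-paste check described above can be scripted. The following PowerShell is an added example, not code from Kaspersky or from the original article; the polling count, the delay and the address-like pattern are assumptions chosen for illustration.

```powershell
# Added example: automates the copy/paste canary test (Windows PowerShell 5.0+).
$Canary  = 'bc1heymalwarehowaboutyoureplacethisaddress'   # test string from the article
$Polls   = 10                                             # assumed number of read-backs
$DelayMs = 500                                            # assumed pause between them
# Assumed loose heuristic for "looks like a wallet address"; not a real validator.
$AddressLike = '^[A-Za-z0-9]{26,62}$'

# Keep the user's current clipboard text so it can be put back afterwards.
# Non-text content (images, file lists) is not preserved by this script.
$Saved    = Get-Clipboard -Raw
$Observed = $Canary

try {
    Set-Clipboard -Value $Canary                          # same effect as Ctrl+C
    foreach ($i in 1..$Polls) {
        Start-Sleep -Milliseconds $DelayMs
        $Observed = ([string](Get-Clipboard -Raw)).Trim() # same effect as Ctrl+V
        if ($Observed -cne $Canary) { break }             # something rewrote it
    }
}
finally {
    # Restore the earlier text; if there was none, the canary is simply left in place.
    if (-not [string]::IsNullOrEmpty($Saved)) { Set-Clipboard -Value $Saved }
}

# Separate "rewritten to another address" from an unrelated clipboard change,
# such as the user copying something else while the script was polling.
$Verdict = if ($Observed -ceq $Canary) {
    'unchanged'
} elseif ($Observed -cmatch $AddressLike) {
    'replaced-with-address-like-value'
} else {
    'changed-to-other-content'
}

[pscustomobject]@{
    Verdict  = $Verdict
    Observed = $Observed   # keep this value for an incident report if it was replaced
    Polls    = $i
}
```

A verdict of `unchanged` only says this one string was not rewritten during the polling window; it does not show that the machine is clean.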

I wouldn’t rely solely on that test to determine if my computer was compromised by clipboard-inserting malware, but it would be interesting to try.

When in doubt, it’s probably safest to always assume that your computer has been compromised.


Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s, when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security analyst, makes regular media appearances, and lectures internationally on the topics of computer security, hackers and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.


