Tor, the popular privacy-focused Internet browser with built-in VPN, has apparently been compromised according to a report from researchers at the Slovakian security company ESET.
ESET is a multi-award-winning internet security company that competes with the likes of Symantec, McAfee and Trend Micro. Its cybersecurity research is considered to be some of the best in the world.
Researchers from ESET have discovered that a specific version of Tor, aimed at the Russian market, has been altered and is being marketed online under the guise of being a genuine Tor product. The corrupted version acts as a Trojan, using the software to sneak malware onto the user’s computer, which then secretly steals Bitcoin and sends it to the hacker’s address. So far the hackers have managed to get away with over US$40,000 worth of Bitcoin.
The malware is spread by displaying a fake update page warning the user that their browser is out of date and their anonymity is compromised. A link on the page to update the browser takes them to a fake but realistic-looking Tor update page from which the unsuspecting user installs the compromised version.
The websites operate from two domain names – tor-browser[.]org and torproect[.]org – that look realistic, especially to Russian users who may not notice the slight discrepancy in spelling. The malware has been promoted by hackers on various Russian websites and cryptocurrency forums, especially those popular with censorship and privacy enthusiasts.
Incredibly, it appears the malware has been circulating for years unnoticed, with some early thefts going back as far as 2017. While ESET has managed to identify and expose the issue, it is uncertain at this time whether they can control it. Users who believe they may have been compromised should run a full, updated malware scan and reinstall a fresh version of the Tor browser from a recognized source.
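As an added example (not from ESET or the original article), the following Python check classifies a download link as official, lookalike or unrelated, using the two domains named above as test input. It assumes torproject.org is the Tor Project's official domain, which the article does not state; the keyword list and the edit-distance threshold are hypothetical choices for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the Tor Project's official domain (not given in the article).
OFFICIAL = "torproject.org"
# Hypothetical brand keywords; a hyphenated label built from them is suspicious.
BRAND_TOKENS = {"tor", "browser"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels; adequate for .org, not for suffixes such as .co.uk."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a download link."""
    url = url.replace("[.]", ".")  # refang defanged indicators before parsing
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    domain = registrable(host)
    if domain == OFFICIAL:
        return "official"
    label = domain.split(".")[0]
    if (edit_distance(domain, OFFICIAL) <= 2       # typo such as a dropped letter
            or OFFICIAL in host                    # official name used as a subdomain
            or set(label.split("-")) & BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; the two defanged domains are the ones in the article.
    for link in ("https://www.torproject.org/download/", "torproect[.]org",
                 "tor-browser[.]org", "torproject.org.downloads.example",
                 "https://example.org/"):
        print(f"{link:40} {classify(link)}")
```

The keyword rule is deliberately broad and will flag unrelated sites whose name happens to contain "tor", so treat a "lookalike" result as a prompt to verify the address by hand rather than as a verdict.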