Double dipping: Diverting ransomware Bitcoin payments via .onion domains

Overview. Proofpoint researchers have been following an previously undocumented threat in which actors are stealing bitcoins via the Tor proxy onion[.]top. Operators of this proxy are surreptitiously diverting Bitcoin payments from ransomware victims to their own wallets by modifying in transit the source ...