Incident Response, TDR

Tor exit node found to add malware to downloaded binaries

Using an exitmap module he created, Josh Pitts, a researcher with Leviathan Security, has discovered that a Tor exit node in Russia is adding malware into downloaded binaries, according to a Thursday post.

In a Friday post, Roger Dingledine, the Tor Project director, wrote that a BadExit flag has been set to the relay to prevent others from accidentally running across it.

It is the only one of more than 1,110 exit nodes on the Tor Network found to be patching binaries, Pitts wrote, explaining the node attempts to patch nearly every binary he tested.

“The node only patched uncompressed PE files,” Pitts wrote in the post. “This does not mean that other nodes on the Tor network are not patching binaries; I may not have caught them, or they may be waiting to patch only a small set of binaries.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.