Research lab uncovers anti-censorship software with keylogging backdoor


Simurgh is stand-alone proxy software that has been used mainly by Iranians and Syrians to bypass state censorship. However, Citizen Lab discovered a compromised version with a backdoor to the victim’s system that enables data mining and keystroke logging. 

“This trojan has been specifically crafted to target people attempting to evade government censorship. Given the intended purpose of this software, users must be very careful if they have been infected by this trojan”, explained Morgan Marquis-Boire with Citizen Lab.

“Additionally, they should be cautious about installing software, especially circumvention software, from untrusted sources. Where possible, software should be downloaded from trusted official websites over HTTPS. If checksums or cryptographic signatures are provided by the software vendor, these should be checked prior to installation”, Marquis-Boire added.

In an update to the original blog, Citizen Lab noted that the Simurgh team has issued a warning about the trojanized version on its website along with instructions on how to check for the malware. In addition, the provider who was hosting the compromised version of Simurgh has taken it down.
 
