Tor Node Red-Flagged for Slinging Malware

The Tor Project has warned that an exit node in Russia is inserting malware as users download content from the anonymous network.

Tor Project director Roger Dingledine wrote in a note that the server in question had been flagged as a “BadExit”, meaning clients should avoid it.

“We certainly do need more people thinking about more modules for the exitmap scanner,” he added. “The better approach is to have applications not blindly trust unauthenticated bits they get from the internet.”

The warning came in response to research from Josh Pitts of Leviathan Security last week, who discovered the owner of the Russian exit node compromising binaries in order to introduce malware.

Pitts explained that binaries could be “patched” in transit during a man-in-the-middle attack, so that the executable the user receives is no longer the one the server sent.

“Out of over 1,110 exit nodes on the Tor network, this is the only node that I found patching binaries, although this node attempts to patch just about all the binaries that I tested,” he added.

“The node only patched uncompressed PE files. This does not mean that other nodes on the Tor network are not patching binaries; I may not have caught them, or they may be waiting to patch only a small set of binaries.”
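Dingledine's call for more exitmap modules and Pitts's observation that the node patched uncompressed PE files suggest the same defensive check: fetch a binary directly, fetch it again through an exit, and report which PE sections differ. The following is an added example, not code from the Tor Project, exitmap or Leviathan Security; the PE sample is constructed inline, and the two fetches (the real module's job) are assumed to have already happened.

```python
import hashlib
import struct

def pe_sections(data: bytes) -> dict:
    """Map section name -> raw bytes for an uncompressed PE image (minimal parser:
    DOS header -> e_lfanew -> COFF header -> section table; raises on non-PE input)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt  # section table follows the optional header
    sections = {}
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        size_raw, ptr_raw = struct.unpack_from("<II", data, off + 16)
        sections[name] = data[ptr_raw:ptr_raw + size_raw]
    return sections

def compare_downloads(baseline: bytes, via_exit: bytes) -> list:
    """[] when the exit-fetched copy matches the direct fetch; otherwise findings naming
    the sections that changed, which a scanner module would log before flagging the exit."""
    if hashlib.sha256(baseline).digest() == hashlib.sha256(via_exit).digest():
        return []
    findings = ["sha256 mismatch between direct and exit-fetched copies"]
    try:
        base_secs, exit_secs = pe_sections(baseline), pe_sections(via_exit)
    except (ValueError, struct.error) as exc:
        return findings + [f"cannot compare sections: {exc}"]
    for name in sorted(set(base_secs) | set(exit_secs)):
        b, e = base_secs.get(name), exit_secs.get(name)
        if b is None or e is None:
            findings.append(f"section {name} present on only one side")
        elif b != e:
            findings.append(f"section {name} modified ({len(b)} -> {len(e)} bytes)")
    return findings

def build_sample_pe(text: bytes, rdata: bytes) -> bytes:
    """Constructed minimal two-section PE used as offline test input (not a real program)."""
    hdr_end = 0x40 + 4 + 20 + 2 * 40  # DOS header + PE signature + COFF header + 2 section headers
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at offset 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x22)  # SizeOfOptionalHeader = 0
    def sec(name, size, ptr):  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        return struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + coff + sec(b".text", len(text), hdr_end) + sec(b".rdata", len(rdata), hdr_end + len(text))
    return headers + text + rdata
```

A whole-file hash check alone already catches the tampering; the per-section report is what lets an operator tell a patched `.text` from a legitimately rebuilt download.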

James Fox, director in the cybersecurity practice at KPMG, argued that the incident shows that even anonymity online doesn’t guarantee security.

“The hacking of Tor, a popular service, is another example of how malicious developers and hackers are coming up with more intricate ways of infiltrating users’ devices,” he added, in a statement.

“The risk of pernicious malware cannot be understated, with hackers looking to use these tools to gain invaluable personal and financial information through these infected devices.”

Fox claimed that internet users increasingly need to “take control of their own security” to know that the files they click on, as employees or consumers, are from a trusted source.
