malware detected in Tor browser #2354
Hello there 👋 Please respond as soon as possible if a Pi-Apps maintainer requests more information from you. Stale issues will be closed after a lengthy period of time with no response.
Can confirm.
Pi-Apps downloads tor-browser from SourceForge: https://sourceforge.net/projects/tor-browser-ports
At this time, I would like to avoid blaming the user on SourceForge for deliberately embedding malware in Tor. The user seems legitimate and provides build instructions. It is possible that person's build server was compromised with Kaiji, or maybe clamscan has a false positive.
I downloaded four different versions from SourceForge. Malware was found in:
Not found in:
It seems to be a false positive. As I was browsing Stack Overflow I spotted this: https://serverfault.com/questions/1132808/clamav-detected-kaiji-malware-on-ubuntu-instance
And what does VirusTotal write to you about infected files?
Looks like a false positive. ClamAV is the only one on VirusTotal to flag snowflake. It's not saying OBS4 is infected today. It did yesterday. I'll get a better AV.
Did this user create a GitHub account just to make this issue and then delete it, or did they get banned by GitHub?
Privacy-minded individuals commonly create a separate email account per app they use, closing any accounts they no longer use. This practice, when done right with Tor and adblocking, makes it virtually impossible for governmental cross-tracking, profiling, and identification. I'm not too surprised this user deleted their account. Closing the issue.
I've scanned Tor browser on Pi-Apps with ClamTk and found that snowflake and obs4 contain Unix.Malware.kaiji-1000 Chinese malware. I wonder if anyone else has identified this.