Watch where you download your Tor browser from…

…or any other software.

Governments around the world, including for instance Russia, ban Tor web sites from the internet in their countries as it is a very effective way for users to conceal their IP address from authorities. However this had led to a rise in other sites offering Tor downloads. The threat actors take advantage of this setting up their own sites with malware infected “Tor browsers”, often referred to as “security enhanced” Tor.

Trojanized Tor browsers target Russians with crypto-stealing malware (bleepingcomputer.com)

Although targeting primarily Russians, if it works in one place the threat actors are likely to expand their activity.

Knowing that the source of any software you use is secure and legal is essential. App stores and official web sites are good clean sources of software, although App stores do have their issues. This is doubly so for Android apps from the Google store.

Your take away

Make sure you specify, control and check the software your team uses – this is why issuing organisation owned equipment is always best as you, your IT support and Cyber Security team have complete control over this equipment. However when it comes to phones, many organisations rely on employee owned devices. It is more difficult to have the required control of these devices. Take particular care if the employee uses an Android phone and on both Apple and Android device exercise control over what information they can access on their phones.

Here is why you need to think about the smartphones that have access to your information:

Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)

Impacting both iOS and Android devices.

Clive Catton MSc (Cyber Security) – by-line and other articles