Researchers Find Malicious Version of Iranian Anti-Censorship Software
The malware tracks all user activity and uploads data to remote servers.
Researchers at the University of Toronto's Citizen Lab are warning that malicious versions of the Simurgh anti-censorship software used in Iran and Syria are being distributed online.
"A free encrypted proxy tool called Simurgh -- official website https://simurghesabz.net -- is used by many Iranians to circumvent locally applied net censorship technologies," writes The Register's John Leyden. "Recently a Trojanised version of the tool (Simurgh-setup.zip) has begun appearing on file-sharing networks and wares sites."
"After it is installed it will begin tracking all of your activity," writes Sophos' Chester Wisniewski. "It keeps a log of your username, machine name, every window clicked and keystroke entered. It attempts to submit these logs to some servers located in the United States, but registered to an entity that appears to be based in Saudi Arabia."
"This Trojan has been specifically crafted to target people attempting to evade government censorship," Citizen Lab technical advisor Morgan Marquis-Boire wrote in a blog post. "Given the intended purpose of this software, users must be very careful if they have been infected by this Trojan. Additionally, they should be cautious about installing software, especially circumvention software, from untrusted sources. Where possible, software should be downloaded from trusted official websites over HTTPS."