For more than two months is is present in the official App Store a fake version of the Tor Browser app. It’s full of adware and spyware.
The Tor Browser is the most popular tool for anonymization of the user’s Internet experience, it’s use is literally exploded after the disclosure of numerous documents leaked by Snowden of US surveillance programs. A growing number of internet users have started to use the popular browser to anonymize browsing sessions and preserve the user’s privacy, avoiding surveillance of Governments.
As usual cybercrime is very responsive to users’ habits and the events that happen to try to take advantage of them, as occurred in the case of the MtGox in which data leaked by the popular exchange was invented by hackers to infect a large audience with a Bitcoin stealer malware.
In the last couple of months a fake Tor Browser app has been published on the App Store, representatives from Tor Project who have noted the fake app has requested Apple to remove it without success.
The Tor browser app price is $0.99 and contains adware and spying functionality, it is not developed by Tor Project developers and its author is using Tor’s name to deceive Apple users and convince them to download it.
“Tor Browser in the Apple App Store is fake. It’s full of adware and spyware. Two users have called to complain. We should have it removed.” is the message posted in a ticket posted on the Tor Project (#10549 new task).
Thefake Tor browser app was first reported to Apple in December, the company replied that is was investigating and its intent was to give the developer “a chance to defend their app.”
It’s important that all Internet users will stress Apple to remove the Tor Browser app from the store, it is dangerous and could harm user’s privacy despite it’s not clear if the app could preserve the user’s browsing.
At the time I‘m writing the Tor Browser app is still present in the App Store.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.