If you’ve ever needed some anonymity online you’ve probably looked into using TOR (The Onion Router,) which is essentially an anonymizing proxy. Websites you visit have no way to decypher who you are as long as you’re running a good security bundle, it’ really hard to snoop on your traffic, and generally it’s been a boon to unmonitored conversation and a fair bit of illegal activities.

Unfortunately with the rise of popularity, someone had to go and do their best to ruin it.

A researcher testing the 1000+ exit nodes discovered one node that took and repackaged binaries, injecting them with malware and 3rd party content. This means if you happened to be on that exit node the file you wanted from the trusted website was getting infected in transit.

So far only one exit note of that type has been identified, but it could also be that several others do the same thing occasionally, or perhaps they only do it to systems they’ve identified what country they’re from, maybe there’s one that takes images and puts Brad Pitt’s face on them, nobody knows for sure at the moment.

In the meantime, if you’re downloading anything via TOR, make sure the MD5 matches what it’s supposed to. Then again, if you’re looking at a targeted site on the TOR network, chances are there’s more than just the files being changed, so treat everything as though it could be a zero day browser exploit or infected until such time as this sort of shenanigans has been figured out how to be stopped (EG data streams going through two randomized exit nodes).

In the meantime, the discovered node has been shut down.

[Techaeris]