The recent detection of Tor Browser’s latest version as Win32/Malgent!MTB malware by Microsoft Defender appears to be a false positive, causing concern among users who rely on Tor Browser for privacy and security. Tor Browser is a popular web browser that uses the Tor network to anonymize browsing traffic, making it a preferred choice for those who want to protect their online privacy. However, Microsoft Defender’s new heuristic detection method, designed to identify Trojans that use Tor to hide their activity, is flagging Tor Browser itself as malware.
Heuristic detection is a method of detecting malware that uses rules and algorithms to identify suspicious behavior. Unlike signature-based detection, which relies on a database of known malware signatures, heuristic detection can detect emerging threats but may also generate false positives by flagging benign software as malware. Microsoft Defender combines both signature-based and heuristic detection methods to protect users from malware, but the recent false positives with Tor Browser suggest that the heuristic detection method may be too broad.
Win32/Malgent!MTB is a generic detection used by Microsoft Defender to identify Trojans that perform malicious actions on a computer. These actions can include downloading and installing other malware, click fraud, recording keystrokes and browsing history, and giving remote access to malicious hackers. However, not all detections of Win32/Malgent!MTB are genuine, and false positives can occur, especially with generic detection methods.
While Microsoft has not yet issued a statement regarding this issue, it is expected that a fix will be released in a future update to Microsoft Defender. The Tor Project, the organization behind Tor Browser, has not commented on the issue but has a dedicated page addressing false positives from antivirus software against Tor Browser. The page assures users that if they downloaded Tor Browser from the official website or verified it through legitimate sources, any malware or vulnerability warnings are false positives.
In the meantime, users concerned about false flagging by Microsoft Defender can take certain steps. It is recommended to download and install the latest version of Tor Browser when available, as it is less likely to be flagged. However, for now, users have reported issues with the latest version, so it is advised to download and install the previous version until the issue is resolved. Another option is to add Tor Browser to the exclusion list in Microsoft Defender, which prevents that path from being scanned for malware. Alternatively, users can consider using a different antivirus program that is less likely to flag Tor Browser as malware. As a temporary solution, Brave Browser, which runs its own Tor onion service and offers Tor-based private browsing, can be used.
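A defender-side triage script for the situation described above, added here as an example and not code from the article, the Tor Project or Microsoft: it lists what Defender flagged under the Tor Browser folder, checks the downloaded installer against the hash published on the official download page and its Authenticode signature, and only then adds an exclusion scoped to the install folder rather than to a whole drive or the Downloads directory. The install path, installer path and expected hash are placeholders to be replaced with your own values.

```powershell
# Added example (not from the article): triage a Defender detection on a
# Tor Browser install before deciding whether to exclude it.
# Assumptions: the three values below are placeholders; the expected hash
# comes from the official Tor Project download page, not from this script.
$InstallDir     = 'C:\Users\<you>\Desktop\Tor Browser'                # placeholder
$Installer      = "$env:USERPROFILE\Downloads\torbrowser-install.exe"  # placeholder
$ExpectedSha256 = '<sha256 from the official download page>'           # placeholder

# 1. Show exactly what Defender flagged, so any exclusion stays narrow.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($InstallDir) } |
    Select-Object InitialDetectionTime, ThreatID, Resources |
    Format-Table -AutoSize

# 2. Compare the download against the published hash (Get-FileHash returns uppercase hex).
$actual = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.ToUpper()) {
    throw "Hash mismatch for $Installer - do not exclude; re-download from the official site."
}

# 3. Check the Authenticode signature chain; anything other than 'Valid' means
#    the detection should be treated as real until the file is explained.
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid') {
    throw "Signature status is $($sig.Status) - treat the detection as genuine for now."
}
"Signed by: $($sig.SignerCertificate.Subject)"

# 4. Only now add an exclusion, scoped to the install folder, and show the resulting list.
Add-MpPreference -ExclusionPath $InstallDir
Get-MpPreference | Select-Object -ExpandProperty ExclusionPath
```

Remove the exclusion again with Remove-MpPreference -ExclusionPath once Microsoft ships a corrected definition, so the folder does not stay permanently unscanned.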
It’s important to note that if users see a notification stating that Tor Browser is infected with malware while using Tor Browser and Microsoft Defender, they should not be alarmed. This is likely a false positive detection, and it is safe to ignore the notification and continue using Tor Browser.
In related news, Microsoft recently declared the Ask toolbar as dangerous malware, highlighting the ongoing efforts to protect users from potentially harmful software. Additionally, hackers have been utilizing the Microsoft Teams chat platform to spread malware, emphasizing the need for robust security measures. Microsoft Office has also been a prime target for malware attacks, with cybercriminals exploiting vulnerabilities in the software. Recently, Microsoft signed a driver called Netfilter that contained malware, underscoring the challenges in ensuring software security. Furthermore, Chinese hackers have been using a stolen Ivacy VPN certificate to sign malware, further highlighting the importance of constant vigilance against cyber threats. Windows Defender also faced criticism after an update was found to be removing zip, exe, and source code files, underscoring the need for regular assessments and improvements in security protocols.