Tor Browser Trojan?

stinkingbroom

I just installed the Tor browser and it seems that Virustotal and Microsoft Defender detected it as a trojan.
I don't know what to believe. I also tried the Android version of the Tor browser and it too detects the trojan.
It also makes a connection to c.tenor.com, which I don't know what it is.
Has anyone else encountered the same problem or have a solution or opinion?

Virustotal Link: https://www.virustotal.com/gui/file/8a99a22f52a5ecc2501f167ac66b5119ff4de15243249427afafd990fb0c6d59

Themble

stinkingbroom Where did you download TOR from?

newbie24689

stinkingbroom I installed the TOR browser update via fdroid, which gets it directly from TOR. That installation was then scanned on my phone by Bitdefender and Avira, each of which are good on Android detections, and each reported no issues. My guess is that Microsoft defender gets signatures from TrendMicro (and possibly others), and that either TrendMicro is very prescient on Zero-Days or that this is a false positive reported on by Virustotals and therefor on your Windows computer. FWIW I suspect the latter.

P.S. Aurora notes an Exodus report that the Tor Browser is "infected" with: Adjust, Mozilla telemetry, and Google Firebase Analytics. You may want to consider Vanadium/Orbot which won't have those little minders, but may have unique browser fingerprints at the destination - Heh....pick your poison based upon your threat model. There are threads here on this tradeoff.

stinkingbroom

Themble Where did you download TOR from?

I downloaded it from the official website (https://www.torproject.org/download) and had Tor installed on my phone and computer. I don't know about computers, but on Android the OS checks if the update or signature is the same as the previous version.
I also checked the signature and it's valid.

[deleted] There seems to have been a new update that made TOR completely unusable for a lot of people.

I saw it. What do you think about it?

[deleted]

There seems to have been a new update that made TOR completely unusable for a lot of people.

https://www.reddit.com/r/TOR/comments/16w2v3e/detected_trojanwin32malgentmtb_by_windows/?rdt=55197

[deleted]

newbie24689 Exodus report that the Tor Browser is "infected" with: Adjust, Mozilla telemetry, and Google Firebase Analytics.

Exodus is known to be misleading and should not be used as a reputable source of information as seen here:

https://discuss.grapheneos.org/d/471-installing-apps-with-trackers/2

[deleted]

newbie24689 this is a false positive reported on by Virustotals and therefor on your Windows computer.

^ this.

https://support.torproject.org/tbb/antivirus-false-positive/

[deleted]

newbie24689 P.S. Aurora notes an Exodus report that the Tor Browser is "infected" with: Adjust, Mozilla telemetry, and Google Firebase Analytics.

No, the Exodus report does not say that the Tor browser is "infected" with anything. The Exodus report only says that the Tor Browser contains the following "trackers" (Read here to know how Exodus defines an "tracker"): Adjust (Analytics), Google Firebase Analytics (Analytics), Mozilla Telemetry.

[deleted] https://discuss.grapheneos.org/d/471-installing-apps-with-trackers/2

This post is incomplete and not much helpful. The post by strcat is much more helpful.

newbie24689

[deleted] that's a good link (especially, as usual, strcat is brilliant.)

IIUC it is saying that the presence of these SDKs/libraries may be for innocent purposes - not tracking - and may not be active all the time anyway.
I'm noting that these SDKs/libraries are not even present in the Orbot alternative; no "may" involved.
I take your point that Aurora/Exodus reports are indeed erroneously presented and therefor misleading, but knowing about the presence of these SDKs/libraries is useful.

[deleted]

[deleted] what would you use as a reputable source of information about tracking libraries if there is one?

[deleted]

[deleted] Daniel's explanation that you linked is a part of the discussion thread that I linked.

[deleted]

[deleted] I haven't dabbled much with that, so I wouldn't know. I'm sure something's been mentioned in past discussions.

[deleted]

[deleted] Yes, but you linked a specific post.

[deleted]

[deleted] Okay? And? It's a few messages down from what I linked. 😂