A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files. The discovery highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. An attacker with a MITM position can actively patch binaries if not security updates with his own code. The Tor Project has set the BadExit flag on the exit node as bad, but that doesn t mean it s happening elsewhere.
Source: https://threatpost.com/researcher-finds-tor-exit-node-adding-malware-to-binaries/109008/