A Russia-based Tor exit node has been found to patch malware onto downloaded binaries. The findings are based on Josh Pitts’ research on Man-in-the-Middle binary patching using the Backdoor Factory patching framework. Pitts also checked if Windows Update packages wrapped in Windows Portable Executable (PE) format are patched with the malicious code. It resulted in tampering with Windows PE packages that would make the Windows Update system flag them with the 080200053 error code.”]