Trojan:Win32/Wacatac.H!ml

I powered up my device and it displayed a prompt:
TOR BROWSER UPDATING
Almost immediately Windows 10 kicked in with a Defender prompt:

THREAT REMOVED OR RESTORED
SEVERE

Detected:
Trojan:Win32/Wacatac.H!ml

Details:
This program is dangerous and executes commands from an attacker.

Affected items:
file: C:\Users\b\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\webtunnel-client.exe

My question is: Was this TROJAN in the update for this Windows Alpha Release 12.5.3 (updated on 02-22-2023)?

Hello!
I cannot confirm whether the Trojan was included in the update or not, but I don’t think it was. However, it’s worth noting that Trojans like Win32/Wacatac.H can infect a system through various means.

It’s possible that the Trojan was already present on your system and got detected by Windows Defender when it tried to execute the webtunnel-client.exe file during the Tor Browser update.

Another possibility is that the Tor browser was downloaded through a 3rd-party site, and included a TROJAN in the files.

I would recommend running a full system scan with your antivirus software to check for any other potential threats on your system, just to stay safe.
Hope this helps!

  • Comrade Binx

Thank you for your reply.
Windows 10 isolated it quickly.
I did not connect to TOR or execute the TOR update.
I ran a full scan and Windows found nothing further.
I posted the incident because of Windows' description, and the Trojan's identity and location.
At this point, I think it's a done deal.

That’s good to hear.
I’m glad your problem was resolved.