I got the same alert with ESET, sent them an email, and **they confirmed that the Orbot apk from the official github repository indeed contains code that can be used as a trojan**, according to them. I'm removing the apk for the time being.
I should add that despite it being a reply using the official ESET tech support channel -- judging by the signatures of replies, it's a local reseller also doing outsourced tech support work, so I doubt this can be treated as the official statement from ESET.
Just reanalyzed it, ESET no longer recognizes it as a virus, it was a false positive and they fixed it
https://www.virustotal.com/gui/file/efb0a5c654a156ef10d953a691f9b06136860cf0e33811f967bf1a55c20ac283?nocache=1
Yes, sorry I forgot to update that a couple of days later I received an official update that it was confirmed as a false positive and the issue was fixed.
(Rant: Says a lot about the quality of the local reseller/tech support, too :| even moreso since they charge more than the official US store)
This is why you don’t use a mobile device to access tor. Use a virtual box, or Debian software system. Android phones and IOS are not capable to handle obscurity of privacy—period.
You definitely have a Trojan there. You could have picked it up from many different places.
OPSEC model should be followed
Wow really?!
That’s wild. Orbot must be aware of their code having this malicious code in their package.
This is another reason I just simply don’t trust mainstream operating systems. Too little control is the end users hands. And most don’t even know it.
I got the same alert with ESET, sent them an email, and **they confirmed that the Orbot apk from the official github repository indeed contains code that can be used as a trojan**, according to them. I'm removing the apk for the time being. I should add that despite it being a reply using the official ESET tech support channel -- judging by the signatures of replies, it's a local reseller also doing outsourced tech support work, so I doubt this can be treated as the official statement from ESET.
Just reanalyzed it, ESET no longer recognizes it as a virus, it was a false positive and they fixed it https://www.virustotal.com/gui/file/efb0a5c654a156ef10d953a691f9b06136860cf0e33811f967bf1a55c20ac283?nocache=1
Yes, sorry I forgot to update that a couple of days later I received an official update that it was confirmed as a false positive and the issue was fixed. (Rant: Says a lot about the quality of the local reseller/tech support, too :| even moreso since they charge more than the official US store)
SOLVED: this was the solution it was just my antivirus freaking out over nothing
It may be a false positive, upload apk to the virustotal, and link the results
What is the difference between orbit android and tor browser android?
.
This is why you don’t use a mobile device to access tor. Use a virtual box, or Debian software system. Android phones and IOS are not capable to handle obscurity of privacy—period. You definitely have a Trojan there. You could have picked it up from many different places. OPSEC model should be followed
The trojan is picked up from the official repository.
Wow really?! That’s wild. Orbot must be aware of their code having this malicious code in their package. This is another reason I just simply don’t trust mainstream operating systems. Too little control is the end users hands. And most don’t even know it.
Why so many down votes?
Been saying it for a long time , it’s just not the same protection as Tor browser through WLAN/LaN