Simurgh, a proxy avoidance software used in Iran and Syria to get around censorship blocks, has reportedly been latched onto by a new Trojan. Proxy servers are commonly used to mask a computer’s IP address and make it seem like it’s coming from a different country or computer. Because of strict bans on some forms of information in Syria and Iran, some groups and people have been using these servers as workarounds.

Simurgh has been online for many years without any problems, but recently the University of Toronto discovered a large amount of malware, some of it designed to capture usernames and passwords of anyone who uses it. “This Trojan has been specifically crafted to target people attempting to evade government censorship,” the University of Toronto’s blog stated early last week. “Given the intended purpose of this software, users must be very careful if they have been infected by this Trojan.”

The Trojan isn’t particularly sneaky; it can be detected by almost all anti-virus software, and simply having a good virus detection program on your network or personal computer can counter it. However, once it’s on a computer, it’s hard to remove permanently. The University of Toronto team warns against using any version of the proxy server that doesn’t rely on official websites that use HTTPS security.

The real Simurgh program is software that doesn’t require any installation, so users should avoid installing anything that claims it’s a mirror of Simurgh. The malware version of Simurgh downloads as Simurgh-setup.zip.

Currently, there is no speculation on who is behind the pseudo version of Simurgh.