Downloading and trying to open Windows DRM-protected files can deanonymize Tor Browser users and reveal their real IP addresses, security researchers from Hacker House have warned.
Attacks using DRM-protected multimedia files in Windows have been known since 2005, but until recently, they've only been used to spread malware.
Past attacks tried to lure users into opening and playing DRM-protected files. In default scenarios, these files would open in the Windows Media Player, and users would see a popup that asked them to visit a URL to validate the file's license.
Users who agreed were redirected to an "authorization URL." Unknown to users is that malware authors could modify these links and point users to exploit kits or malware-laced files.