The Guardian’s SecureDrop whistleblower submission site was targeted with a phishing page that attempted to harvest the unique “codenames” for sources who submitted information using the service. In addition, this phishing page promoted an Android app that allowed attackers to perform a variety of malicious activity on a victim’s device. SecureDrop is a service that media organizations can install on the Tor network in order to allow whistleblowers or sources to submit anonymous information to journalists. For example, below is the legitimate Tor SecureDrop site for The Guardian hosted at the 33y6fjyhs3phzfjj.onion address.
Source: Bleeping Computer