Security researchers say spyware is targeting web users in Iran and Syria attempting to get around censorship controls using popular proxy tool Simurgh.
The tool allows access to sites blocked by authorities and hides the identity of web users, but some versions of the software have been compromised.
Simurgh is an Iranian stand-alone proxy software for Microsoft Windows used mainly by Iranians to bypass censorship since 2009. But the software is now being recommended and circulated among Syrian internet users for bypassing local censorship.
Researchers at the University of Toronto found that some installation software for Simurgh is also installing keylogging spyware that sends data to a site registered in Saudi Arabia.
The data sent by the spyware can include usernames and machine names, as well as every mouse click and keystroke.
The researchers said anyone finding the spyware on their computer should consider all online accounts to have been compromised and all online passwords should be changed.
In response to the discovery, the developers of Simurgh have posted a warning on their website that versions of their software installer downloaded from the file-sharing service 4shared have been compromised.
Security firms Sophos and Avira have also updated their malware scanners to detect the spyware installation code.