"It's reasonable to conclude that the attacker now has a list of vulnerable Tor users who visited those hidden services," The TOR Project wrote.
Although unconfirmed, computer security experts have theorized the malware may have been used by law enforcement to collect information on people who browsed certain TOR websites supported by a company called Freedom Hosting.
That hosting company is believed to be connected to a 28-year-old man, Eric Eoin Marques. He is being held by Irish authorities pending an extradition request from the U.S. on charges of distributing and promoting child pornography, according to the Irish publication the Independent.
In response to a query about the case, the FBI said Monday that someone had been arrested as part of an investigation, but did not identify the person.
Sign up for CIO Asia eNewsletters.