viralamo

Menu
  • Technology
  • Science
  • Money
  • Culturs
  • Trending
  • Video

Subscribe To Our Website To Receive The Last Stories

Join Us Now For Free
Home
Technology
Official Monero website is hacked to deliver currency-stealing malware
Technology

Official Monero website is hacked to deliver currency-stealing malware

23/11/2019

Image of ones and zeros with the word

The official site for the Monero digital coin was hacked to deliver currency-stealing malware to users who were downloading wallet software, officials with GetMonero.org said on Tuesday.

The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn’t match the hash listed on the page. Over the next several hours, users discovered that the miss-matching hash wasn’t the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.

“It’s strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries,” GetMonero officials wrote. “If they don’t match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.“

An analysis of the malicious Linux binary found that it added a few new functions to the legitimate one. One of the functions was called after a user opened or created a new wallet. It sent the wallet seed—which is the cryptographic secret used to access wallet funds—to a server located at node.hashmonero[.]com. The malware then sent wallet funds to the servers located at node.xmrsupport[.]co and 45.9.148[.]65.

A malicious Windows version of the CLI wallet carried out an almost identical attack sequence.

At least one person participating in a Reddit forum claimed to have lost digital coins after installing the malicious Linux binary.

“Roughly 9 hours after I ran the binary a single transaction drained my wallet of all $7000,” the person wrote. “I downloaded the build yesterday around 6pm Pacific time.”

The user said at the time that it wasn’t clear if the malware carried out other nefarious actions on the computer itself. The person made a copy of the malware available for download so that researchers can analyze the code. Under no circumstances should people run this binary on anything other than a test machine that has no access to cryptocurrency wallets.

GetMonero’s advisory didn’t say the site was compromised or if the vulnerabilities that led to the hack had been fixed. Users should stay apprised of this breach in the coming days.

In the meantime, people who want to verify the authenticity of their Monero CLI software can check here for Windows or here for more advanced users of Windows, Linux, or macOS.

The incident is a graphic reminder of why it’s crucial to check summaries before installing software. The links in the paragraph above this one explain how to do that.

Source link

Share
Tweet
Pinterest
Linkedin
Stumble
Google+
Email
Prev Article
Next Article

Related Articles

Sproutt raises $12 million to find your best life insurance policy with AI
Life insurance isn’t as popular as it once was, despite …

Sproutt raises $12 million to find your best life insurance policy with AI

Electric vehicle startup Nio lays off 141 employees at its North American headquarters – TechCrunch
Electric vehicle startup Nio is laying off 141 people at …

Electric vehicle startup Nio lays off 141 employees at its North American headquarters – TechCrunch

Leave a Reply Cancel reply

Find us on Facebook

Related Posts

  • Apple says its ultra wideband technology is why newer iPhones appear to share location data, even when the setting is disabled – TechCrunch
    Apple says its ultra wideband technology is …
    05/12/2019
  • The Game Awards expands its streamed broadcast to India
    The Game Awards expands its streamed broadcast …
    05/12/2019
  • Qualcomm announces Snapdragon XR2, the world’s first 5G XR platform
    Qualcomm announces Snapdragon XR2, the world’s first …
    05/12/2019
  • Chrome 79 arrives with password warnings, real-time phishing protection, and WebXR Device API
    Chrome 79 arrives with password warnings, real-time …
    10/12/2019
  • Gift Guide: For the budding video creator – TechCrunch
    Gift Guide: For the budding video creator …
    29/11/2019

Popular Posts

  • Sproutt raises $12 million to find your best life insurance policy with AI
    Sproutt raises $12 million to find your …
    11/12/2019 0
  • 10 Things Your Ancestors Did Better Than …
    20/11/2019 0
  • 60 Stunning Images Of South Asia – …
    20/11/2019 0
  • 10 Ways Slaves Will Work For You …
    20/11/2019 0
  • Top 10 Gruesome Facts About Edmund Kemper …
    20/11/2019 0

viralamo

Pages

  • Contact Us
  • Privacy Policy
Copyright © 2019 viralamo
Theme by MyThemeShop.com

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.I AgreePrivacy policy