Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Official Monero Website is Hacked to Deliver Currency-Stealing Malware

posted by janrinok on Wednesday November 20 2019, @08:14PM   Printer-friendly
from the who-CAN-you-trust? dept.

upstart writes:

Submitted via IRC for Bytram

Official Monero website is hacked to deliver currency-stealing malware

The official site for the Monero digital coin was hacked to deliver currency-stealing malware to users who were downloading wallet software, officials with GetMonero.com said on Tuesday.

The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page. Over the next several hours, users discovered that the mismatching hash wasn't the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.

"It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries," GetMonero officials wrote. "If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason."

An analysis of the malicious Linux binary found that it added a few new functions to the legitimate one. One of the functions was called after a user opened or created a new wallet. It sent the wallet seed—which is the cryptographic secret used to access wallet funds—to a server located at node.hashmonero[.]com. The malware then sent wallet funds to the servers located at node.xmrsupport[.]co and 45.9.148[.]65.

A malicious Windows version of the CLI wallet carried out an almost identical attack sequence.

[...] In the meantime, people who want to verify the authenticity of their Monero CLI software can check here for Windows or here for more advanced users of Windows, Linux, or macOS.

The incident is a graphic reminder why it's crucial to check summaries before installing software. The links in the paragraph above this one explain how to do that.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Official Monero Website is Hacked to Deliver Currency-Stealing Malware | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by ikanreed on Wednesday November 20 2019, @09:53PM (3 children)

    by ikanreed (3164) Subscriber Badge on Wednesday November 20 2019, @09:53PM (#922644) Journal

    You're right, I got it mixed up with Libra.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1, Funny) by Anonymous Coward on Wednesday November 20 2019, @10:03PM (2 children)

    by Anonymous Coward on Wednesday November 20 2019, @10:03PM (#922647)

    Woah woah woah, this is SN and if the admins have made one thing clear is that you NEVER back down even when proven wrong.

    • (Score: 0) by Anonymous Coward on Wednesday November 20 2019, @10:06PM (1 child)

      by Anonymous Coward on Wednesday November 20 2019, @10:06PM (#922649)

      Hey, an exhaustive investigation proved that the journal postings were removed by Russian operatives, OK.

      • (Score: 2) by Freeman on Wednesday November 20 2019, @11:06PM

        by Freeman (732) on Wednesday November 20 2019, @11:06PM (#922694) Journal

        Or the user was having a bad day, which is a lot more likely, than specifically being targeted by the volunteers who run this site.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"