Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

Official Monero Website is Hacked to Deliver Currency-Stealing Malware

posted by janrinok on Wednesday November 20 2019, @08:14PM   Printer-friendly
from the who-CAN-you-trust? dept.

upstart writes:

Submitted via IRC for Bytram

Official Monero website is hacked to deliver currency-stealing malware

The official site for the Monero digital coin was hacked to deliver currency-stealing malware to users who were downloading wallet software, officials with GetMonero.com said on Tuesday.

The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page. Over the next several hours, users discovered that the mismatching hash wasn't the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.

"It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries," GetMonero officials wrote. "If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason."

An analysis of the malicious Linux binary found that it added a few new functions to the legitimate one. One of the functions was called after a user opened or created a new wallet. It sent the wallet seed—which is the cryptographic secret used to access wallet funds—to a server located at node.hashmonero[.]com. The malware then sent wallet funds to the servers located at node.xmrsupport[.]co and 45.9.148[.]65.

A malicious Windows version of the CLI wallet carried out an almost identical attack sequence.

[...] In the meantime, people who want to verify the authenticity of their Monero CLI software can check here for Windows or here for more advanced users of Windows, Linux, or macOS.

The incident is a graphic reminder why it's crucial to check summaries before installing software. The links in the paragraph above this one explain how to do that.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Official Monero Website is Hacked to Deliver Currency-Stealing Malware | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by jasassin on Thursday November 21 2019, @12:05AM (1 child)

    by jasassin (3566) <jasassin@gmail.com> on Thursday November 21 2019, @12:05AM (#922718) Homepage Journal

    Why don't websites that serve programs dealing with currency do a checksum of the file before it's sent (preferably checksums on multiple remote servers)? I doubt there are so many people downloading the monero software that resources would be problematic. I'm wondering why the dipstick that hacked the server didn't change the checksum on the webpage.

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by All Your Lawn Are Belong To Us on Thursday November 21 2019, @07:03PM

    by All Your Lawn Are Belong To Us (6553) on Thursday November 21 2019, @07:03PM (#923099) Journal

    I think you answered both your own questions, in that any such measure to build in a 'checksum check' would presumably be hackable itself by inserting the altered's program's checksum there as well as furthering further compliancy on the part of downloaders. But why it wasn't altered on the webpage... maybe they feared that would bring in too much attention.

    --
    This sig for rent.