Submitted via IRC for Bytram
Official Monero website is hacked to deliver currency-stealing malware
The official site for the Monero digital coin was hacked to deliver currency-stealing malware to users who were downloading wallet software, officials with GetMonero.com said on Tuesday.
The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page. Over the next several hours, users discovered that the mismatching hash wasn't the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.
"It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries," GetMonero officials wrote. "If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason."
An analysis of the malicious Linux binary found that it added a few new functions to the legitimate one. One of the functions was called after a user opened or created a new wallet. It sent the wallet seed—which is the cryptographic secret used to access wallet funds—to a server located at node.hashmonero[.]com. The malware then sent wallet funds to the servers located at node.xmrsupport[.]co and 45.9.148[.]65.
A malicious Windows version of the CLI wallet carried out an almost identical attack sequence.
[...] In the meantime, people who want to verify the authenticity of their Monero CLI software can check here for Windows or here for more advanced users of Windows, Linux, or macOS.
The incident is a graphic reminder why it's crucial to check summaries before installing software. The links in the paragraph above this one explain how to do that.
(Score: 2) by ikanreed on Wednesday November 20 2019, @09:06PM (9 children)
Monero lives in the non-existant space where radically anti-establishment blockchain obsessives meet Fucking Facebook.
(Score: 2) by Freeman on Wednesday November 20 2019, @09:13PM (1 child)
They wouldn't exist, if no one cared.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by ikanreed on Wednesday November 20 2019, @09:14PM
Okay, Mark Zuckerberg and some accountants at facebook care.
(Score: 2) by epitaxial on Wednesday November 20 2019, @09:21PM
Since Monero is a privacy coin you use it to "launder" bitcoins that you don't want tracked.
(Score: 0) by Anonymous Coward on Wednesday November 20 2019, @09:46PM (4 children)
Care to explain what you think Monero has to do with Facebook?
(Score: 2) by ikanreed on Wednesday November 20 2019, @09:53PM (3 children)
You're right, I got it mixed up with Libra.
(Score: 1, Funny) by Anonymous Coward on Wednesday November 20 2019, @10:03PM (2 children)
Woah woah woah, this is SN and if the admins have made one thing clear is that you NEVER back down even when proven wrong.
(Score: 0) by Anonymous Coward on Wednesday November 20 2019, @10:06PM (1 child)
Hey, an exhaustive investigation proved that the journal postings were removed by Russian operatives, OK.
(Score: 2) by Freeman on Wednesday November 20 2019, @11:06PM
Or the user was having a bad day, which is a lot more likely, than specifically being targeted by the volunteers who run this site.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Sunday November 24 2019, @07:16PM
you're a stupid fucking slave if you don't understand the importance of something like monero.
(Score: 3, Touché) by All Your Lawn Are Belong To Us on Wednesday November 20 2019, @11:26PM
... Who knew?
Oh yeah, cryptocurrency people.... :)
This sig for rent.
(Score: 2) by jasassin on Thursday November 21 2019, @12:05AM (1 child)
Why don't websites that serve programs dealing with currency do a checksum of the file before it's sent (preferably checksums on multiple remote servers)? I doubt there are so many people downloading the monero software that resources would be problematic. I'm wondering why the dipstick that hacked the server didn't change the checksum on the webpage.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 2) by All Your Lawn Are Belong To Us on Thursday November 21 2019, @07:03PM
I think you answered both your own questions, in that any such measure to build in a 'checksum check' would presumably be hackable itself by inserting the altered's program's checksum there as well as furthering further compliancy on the part of downloaders. But why it wasn't altered on the webpage... maybe they feared that would bring in too much attention.
This sig for rent.