SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Official Monero Website is Hacked to Deliver Currency-Stealing Malware
Date    Wednesday November 20 2019, @08:14PM
Author    janrinok
from the who-CAN-you-trust? dept.
https://soylentnews.org/article.pl?sid=19/11/20/1437222

upstart writes:

Submitted via IRC for Bytram

Official Monero website is hacked to deliver currency-stealing malware

The official site for the Monero digital coin was hacked to deliver currency-stealing malware to users who were downloading wallet software, officials with GetMonero.com said on Tuesday.

The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page. Over the next several hours, users discovered that the mismatching hash wasn't the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.

"It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries," GetMonero officials wrote. "If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason."

An analysis of the malicious Linux binary found that it added a few new functions to the legitimate one. One of the functions was called after a user opened or created a new wallet. It sent the wallet seed—which is the cryptographic secret used to access wallet funds—to a server located at node.hashmonero[.]com. The malware then sent wallet funds to the servers located at node.xmrsupport[.]co and 45.9.148[.]65.

A malicious Windows version of the CLI wallet carried out an almost identical attack sequence.

[...] In the meantime, people who want to verify the authenticity of their Monero CLI software can check here for Windows or here for more advanced users of Windows, Linux, or macOS.

The incident is a graphic reminder why it's crucial to check summaries before installing software. The links in the paragraph above this one explain how to do that.


Original Submission
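The hash check that GetMonero officials recommend above, sketched as an added example (not code from the article, GetMonero, or the Monero project). It assumes a hash list in `sha256sum` layout that has already been authenticated separately, for instance by verifying a signature over it, which this code does not do; the file names and contents are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

def parse_hash_list(text):
    """Parse 'sha256hex  filename' lines (sha256sum layout, assumed here)."""
    listed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and re.fullmatch(r"[0-9a-fA-F]{64}", parts[0]):
            listed[parts[1].lstrip("*")] = parts[0].lower()
    return listed

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so large archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_download(path, listed):
    """Return 'MATCH', 'MISMATCH' or 'UNLISTED' for one downloaded file."""
    expected = listed.get(os.path.basename(path))
    if expected is None:
        return "UNLISTED"  # no reference hash: treat as unverified, do not run
    same = hmac.compare_digest(sha256_file(path), expected)
    return "MATCH" if same else "MISMATCH"  # MISMATCH: delete and re-download

def demo():
    """Constructed sample: an intact archive, an altered one, an unlisted one."""
    original = b"constructed stand-in for release bytes\n"
    samples = {
        "wallet-cli-example.tar.bz2": original,
        "wallet-cli-tampered.tar.bz2": original + b"added function",
        "not-in-list.zip": b"x",
    }
    ref = hashlib.sha256(original).hexdigest()
    hash_list = (f"{ref}  wallet-cli-example.tar.bz2\n"
                 f"{ref} *wallet-cli-tampered.tar.bz2\n")
    listed = parse_hash_list(hash_list)
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
            results[name] = check_download(os.path.join(d, name), listed)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

A hash list fetched from the same server as the download only detects tampering if the attacker left the list untouched, which is why the list itself has to be authenticated first.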

Links

  1. "upstart" - https://soylentnews.org/~upstart/
  2. "Official Monero website is hacked to deliver currency-stealing malware" - https://arstechnica.com/information-technology/2019/11/official-monero-website-is-hacked-to-deliver-currency-stealing-malware/
  3. "cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page" - https://github.com/monero-project/monero/issues/6151
  4. "wrote" - https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
  5. "analysis of the malicious Linux binary" - https://bartblaze.blogspot.com/2019/11/monero-project-compromised.html
  6. "check here for Windows" - https://getmonero.org/resources/user-guides/verification-windows-beginner.html
  7. "here" - https://getmonero.org/resources/user-guides/verification-allos-advanced.html
  8. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=37599
