The official Monero website has been hacked to deliver currency-stealing malware

The official site for the Monero digital coin has been hacked to deliver currency-stealing malware to users downloading wallet software, officials reported at GetMonero.org on Tuesday.

The supply chain attack came to light on Monday when a site user reported that the cryptographic hash of a command line interface (CLI) wallet downloaded from the site did not match the hash published on the page. Over the following hours, users established that the mismatch was not the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.

“It is highly recommended to anyone who has downloaded the CLI wallet from this website between 6:30 PM and 6:30 PM Monday to check the hashes of their binary files,” wrote GetMonero officials. “If they do not match the official files, delete the files and download them again. Do not run the compromised binaries for any reason.”

An analysis of the malicious Linux binary showed that it added a few new functions to the legitimate one. One of the functions was called after a user opened or created a new wallet. It sent the wallet seed (the cryptographic secret used to access wallet funds) to a server at node.hashmonero[.]com. The malware then sent wallet funds to servers at node.xmrsupport[.]co and 45.9.148[.]65.

A malicious Windows version of the CLI wallet carried out an almost identical attack sequence.

At least one person posting on a Reddit forum claimed to have lost digital coins after installing the malicious Linux binary.

“About 9 hours after I executed the binary file, a single transaction emptied my wallet of all $7,000,” the person wrote. “I downloaded the build yesterday around 6 p.m. Pacific time.”

The user said at the time that it was not clear whether the malware had performed other malicious actions on the computer itself. The person has made a copy of the malware available for download so that researchers can analyze the code. Under no circumstances should anyone execute this binary on anything other than a test machine that has no access to cryptocurrency wallets.

GetMonero’s advisory did not say how the site had been compromised or whether the vulnerabilities that led to the hack had been fixed. Users should watch for further updates on this breach in the coming days.

In the meantime, people who want to verify the authenticity of their Monero CLI software can follow the site's verification guide for Windows, or the guide for more advanced users on Windows, Linux, or macOS.

The incident is a graphic reminder of why it is crucial to check cryptographic hashes before installing software. The guides referenced in the paragraph above explain how to do that.
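The check the article recommends, worked through as an added example (this is not GetMonero's code or the linked guides): compute the SHA-256 of the downloaded binary and compare it with the published hash list. The hash-list layout assumed here is the conventional sha256sum output ("<hex>  <filename>", one entry per line), and the file contents and hashes are constructed for the demonstration.

```python
"""Verify a downloaded binary against a published SHA-256 hash list.

Added example, not GetMonero's code. Assumes the hash list uses the
sha256sum layout '<sha256-hex>  <filename>'; the sample file and its
tampered copy below are constructed for the demonstration.
"""
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_hash_list(text):
    """Parse '<hex>  <filename>' lines into {filename: hex}.

    Blank lines and '#' comments are skipped. A malformed line raises rather
    than being ignored, so a truncated or tampered list cannot quietly turn
    into "no entry for this file"."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed hash list line {lineno}: {raw!r}")
        digest, name = parts
        entries[name.lstrip("*")] = digest.lower()  # sha256sum marks binary mode with '*'
    return entries


def verify_download(path, hash_list_text):
    """Return (ok, reason). ok is True only when the file's SHA-256 matches the
    published entry for its basename. A file with no published hash is treated
    as a failure, not as "nothing to check"."""
    entries = parse_hash_list(hash_list_text)
    name = os.path.basename(path)
    expected = entries.get(name)
    if expected is None:
        return False, f"no published hash for {name}; do not run it"
    actual = sha256_of_file(path)
    # compare_digest avoids a timing difference that depends on how much of the hash matched
    if hmac.compare_digest(actual, expected):
        return True, "hash matches published value"
    return False, f"HASH MISMATCH: expected {expected[:16]}..., got {actual[:16]}..."


def demo():
    """Build a constructed 'clean' binary and a tampered copy in a temp dir,
    verify both against the same hash list, and return the two results."""
    payload = b"\x7fELF constructed stand-in for the real wallet binary\n"
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "monero-wallet-cli")
        with open(clean, "wb") as f:
            f.write(payload)
        # The list is derived from the clean file here only for the demo; in
        # practice it comes from the project's signed hash file, never from the
        # download page alone.
        hash_list = f"# constructed hash list\n{sha256_of_file(clean)}  monero-wallet-cli\n"
        tampered = os.path.join(d, "tampered", "monero-wallet-cli")
        os.makedirs(os.path.dirname(tampered))
        with open(tampered, "wb") as f:
            f.write(payload + b"appended bytes stand in for injected code")
        return verify_download(clean, hash_list), verify_download(tampered, hash_list)


if __name__ == "__main__":
    for ok, reason in demo():
        print("OK  " if ok else "FAIL", reason)
```

Comparing against the hash shown on the same page that served the binary is only half the check: whoever swapped the binary could have swapped the page too. The attack here was caught precisely because the published hash was still correct, but the stronger habit, which the site's advanced guide describes, is to verify the signature on the hash list before trusting any value in it.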
