Cryptocurrency Monero Website Hacked, Original Binaries Replaced
The website of the Monero open-source cryptocurrency was compromised, and some users downloaded a modified binary that contained malware designed to steal funds from people's wallets.
When a Linux user downloaded the latest Monero binary from the website, he did something that we should all do whenever we download a file. He compared the SHA256 hash of the downloaded file to the one listed on the website and noticed a difference. It turned out the website was compromised, and a modified binary was offered to users.
One role of MD5 or SHA256 hashes is to let people check that the file they downloaded matches the one on the server. A different hash could signal a problem with your system's RAM, but it can also show that you've downloaded a different file than the original.
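The hash check described above, as an added example (not code from the Monero project or from the original article): a shell function that looks up a file's entry in a published SHA-256 list and fails on a mismatch or a missing entry. The list format ("digest, two spaces, file name", as printed by sha256sum) and every file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded file against a published SHA-256 list.
# Assumption: the list has one "<hex digest>  <filename>" entry per line,
# as printed by sha256sum, and file names contain no spaces.

# verify_download FILE HASHLIST
# Returns 0 on match, 1 on mismatch, 2 if the file or its list entry is missing.
verify_download() {
    local file="$1" list="$2" name expected actual
    [ -f "$file" ] && [ -f "$list" ] || { echo "missing file or hash list" >&2; return 2; }
    name="$(basename -- "$file")"

    # Find the digest listed for this exact file name (second field),
    # tolerating the "*" binary-mode marker that sha256sum may emit.
    expected="$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1); exit }' "$list")"

    # Treat a missing or malformed entry as a failure, never as "nothing to check".
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "no valid SHA-256 entry for $name in $list" >&2
        return 2
    fi

    actual="$(sha256sum -- "$file" | awk '{ print $1 }')"
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published hash"
        return 0
    fi

    echo "MISMATCH for $name: do NOT run this file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}
```

Call it as verify_download followed by the downloaded file and the hash list, and run the binary only if the exit status is 0. A match only proves that the file agrees with the list, so the list itself has to come from a source you trust.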
In the case of Monero, hackers had compromised the official website and download servers and replaced the file with their own version, laced with malware used to transfer funds from people's wallets.
“Some users noticed the hash of the binaries they downloaded did not match the expected one: https://github.com/monero-project/monero/issues/6151
It appears the box has been indeed compromised and different CLI binaries served for 35 minutes. Downloads are now served from a safe fallback source. Always check the integrity of the binaries you download!” said the developers on Reddit.
“If you downloaded binaries in the last 24h, and did not check the integrity of the files, do it immediately. If the hashes do not match, do NOT run what you downloaded. If you have already run them, transfer the funds out of all wallets that you opened with the (probably malicious) executables immediately, using a safe version of the Monero wallet (the one online as we speak is safe — but check the hashes).”
The investigation has so far only revealed that the binary had a simple coin stealer, but the developers are still working on determining how the breach occurred.