Malware on Official Monero Website Can Steal Crypto: Investigator

Published at: Nov. 19, 2019

The software available for download on Monero’s (XMR) official website was compromised to steal cryptocurrency, according to a Nov. 19 Reddit post published by the coin’s core development team.

The command-line interface (CLI) tools available at getmonero.org may have been compromised over the last 24 hours. In the announcement, the team notes that the hash of the binaries available for download did not match the expected hashes.

The software was malicious

On GitHub, a professional investigator going by the name of Serhack said that the software distributed after the server was compromised is indeed malicious, stating:

“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”

An important security practice

Hashes are non-reversible mathematical functions which, in this case, are used to generate an alphanumeric string from a file that would have been different if someone was to make changes to the file.

It is a popular practice in the open-source community to save the hash generated from software available for download and keep it on a separate server. Thanks to this measure, users are able to generate a hash from the file they downloaded and check it against the expected one.

If the hash generated from the downloaded file is different, then it is likely that the version distributed by the server has been replaced — possibly with a malicious variant. The Reddit announcement reads:

“It appears the box has been indeed compromised and different CLI binaries served for 35 minutes. Downloads are now served from a safe fallback source. [...] If you downloaded binaries in the last 24h, and did not check the integrity of the files, do it immediately. If the hashes do not match, do NOT run what you downloaded.”

In general, blockchain development communities are vigilant in tracking possible vulnerabilities and maintaining network integrity.

In mid-September, the developer of Ethereum decentralized exchange protocol AirSwap’s developers announced a different important development for their project’s security. More precisely, they revealed the discovery of a critical vulnerability in the system’s new smart contract.

In order to incentivize network integrity, some organizations have founded bounty programs that reward so-called white-hack hackers for exposing vulnerabilities.

Tags
Related Posts
Trend Micro: Outlaw Hacking Group’s Botnet Is Now Spreading a Monero Miner
Cybersecurity company Trend Micro claims to have detected a web address spreading a botnet featuring a monero (XMR) mining component alongside a backdoor. The malware was described on Trend Micro’s official blog on June 13. Per the report, the firm attributes the malware to Outlaw Hacking Group, as the techniques employed are almost the same used in its previous operations. The software in question also holds Distributed Denial of Service (DDoS) capabilities, “allowing the cybercriminals to monetize their botnet through cryptocurrency mining and by offering DDoS-for-hire services.” Trend Micro also believes that the creators of the malware in question are …
Altcoin / June 13, 2019
Developers Propose Plan to Protect Ethereum Classic Network From Further Attacks
Ethereum Classic (ETC) accelerator Ethereum Classic Labs announced a plan to protect the blockchain from further attacks. On Aug. 19 the organization proposed taking immediate action in implementing long-term changes to the network architecture over the next three to six months. The accelerator decided to focus their efforts on improving the network’s security after recent attacks on the blockchain. The immediate measures proposed by Ethereum Classic Labs include a “defensive mining” cooperation with mining pools and miners to maintain a consistent hashrate and gain the ability to increase it when needed. A higher hashrate would render a 51% attack against …
Altcoin / Aug. 20, 2020
AT&T Wins Some, Loses Some, in Motion Dismissals in $24M SIM Swap Case
The federal judge overseeing Terpin Vs. AT&T has dismissed the motion. This news is the latest in a legal battle pertaining to crypto stolen via SIM-swapping that has been going on for almost a year industry news outlet, The Block, reports on July 26. As Cointelegraph previously reported, in August last year Terpin filed a lawsuit against AT&T, since he believes that the telecoms giant had provided hackers with access to his phone number, which led to a major crypto heist. Earlier this month the federal judge overseeing the case has also denied the telecom giant’s motion for dismissal. Per …
Altcoin / July 27, 2019
FBI issues alert over cybercriminal exploits targeting DeFi
The U.S Federal Bureau of Investigation (FBI) has issued a fresh warning for investors in decentralized finance (DeFi) platforms, which have been targeted with $1.6 billion in exploits in 2022. In an Aug. 29 public service announcement on the FBI's Internet Crime Complaint Center, the agency said the exploits have caused investors to lose money — advising investors to conduct diligent research about Defi platforms before using them, while also urging platforms to improve monitoring and conduct m rigorous code testing. The law enforcement agency warned that cybercriminals are out in force to take advantage of "investors' increased interest in …
Blockchain / Aug. 30, 2022
Report: Ransom Costs for Stolen Data Rose 200% From 2018 to 2019
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from 2018’s first quarter to the last quarter to 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
Technology / June 8, 2020