Monero Website Hacked Delivering Malware

[nothans]

via: https://arstechnica.com/information-technology/2019/11/official-monero-website-is-hacked-to-deliver-currency-stealing-malware/

The official website for the digital currency Monero was hacked and modified to deliver a malware disguised as crypto wallets with the purpose of stealing user's' currency.

Quote

The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page. Over the next several hours, users discovered that the mismatching hash wasn't the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.

"It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries," GetMonero officials wrote. "If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason."

 

Researchers found that there had been changes made to the Linux binary was a script that ran when open which sent your wallet seed to a server. The Windows CLI wallet functioned similarly. At the time of publication of this topic and article from which this was sourced, one reddit user has claimed to have lost his/her coins due to the installation of the Linux binary.

Quote

"Roughly 9 hours after I ran the binary a single transaction drained my wallet of all $7000," the person wrote. "I downloaded the build yesterday around 6pm Pacific time."

GetMonero's advisory has yet to claim the any vulnerabilities in the website and if the site had been fixed. There is a download link of the Linux binary meant for developers and researchers to analyze and comprehend the code.

[mr moose]

I heard some people talking on the radio today about their coins going missing.  I wonder if this is the same thing. 

[nothans]

3 minutes ago, mr moose said:

I heard some people talking on the radio today about their coins going missing.  I wonder if this is the same thing. 

Might be. Personally i heard this news a couple of hours ago and I just wanted to see the community's perspective on this and inform y'all

 

[Eigenvektor]

5 minutes ago, mr moose said:

I heard some people talking on the radio today about their coins going missing.  I wonder if this is the same thing. 

Pretty sure it is: Official Monero website is hacked to deliver currency-stealing malware

 

edit: Argh, I'm stupid Yeah, I mean the malware steals coins, so coins going missing would be expected?

[jagdtigger]

Meh, its fake money anyway so nothing is lost....

[mr moose]

1 minute ago, jagdtigger said:

Meh, its fake money anyway so nothing is lost....

One of the radio presenters I refereed to earlier asked if you forget you password can you just email the company and get it reset?  I'm screaming at the radio, "NO YOU TWAT, the whole point of crypto is no one is on control therefore when something goes wrong it's tuff titties, there is no one to fix it or take the blame".

 

Grrrrr.  

[HarryNyquist]

9 hours ago, jagdtigger said:

Meh, its fake money anyway so nothing is lost....

Cryptocurrency is like the opposite of monopoly money. It's equally useless but people decide to spend real money on something that's more volatile than the stock market.

For reference: $20580 in monopoly money is $20 USD. Meanwhile 1 XMR (monero) is $50-- no wait now it's $60 -- no, $55, no $40, no $10 OMG I'M RUINED AAAA, no wait nvm now it's $80 HAHA I'M RICH

 

Who seriously uses cryptocurrency, is what I want to know. Outside some very niche uses literally the only thing that comes to mind is money laundering.

[nothans]

11 hours ago, mr moose said:

One of the radio presenters I refereed to earlier asked if you forget you password can you just email the company and get it reset?  I'm screaming at the radio, "NO YOU TWAT, the whole point of crypto is no one is on control therefore when something goes wrong it's tuff titties, there is no one to fix it or take the blame".

 

Grrrrr.  

I am optimistic about crypto but due to its high volatility and just how complex the whole process is compared just buying stocks of a public company I wouldn't recommend crypto to basically anyone as of right now. Let's see what the future holds for it though.

[Kisai]

14 hours ago, haris7saud said:

 

The official website for the digital currency Monero was hacked and modified to deliver a malware disguised as crypto wallets with the purpose of stealing user's' currency.

 

 

What a cluster****.

 

So you can't trust the official site, for a currency which has no practical use and primarily used to facilitate crime? OK, why am I not surprised in the slightest.

 

Only two people play with Cryptocurrencies: Pump-and-Dump speculators, and criminals. No legitimate business deals in cryptocurrency without someone willing to take the losses for when the inevitable loss in value or coin theft happens.

[Kisai]

4 hours ago, HarryNyquist said:

Who seriously uses cryptocurrency, is what I want to know. Outside some very niche uses literally the only thing that comes to mind is money laundering.

 

There are some uses, but it's very edge case, basically if there was enough liquidity, where speculators couldn't spike the currency at all, it would make for a very simple currency conversion medium without having to have 10's of 1000's of dollars in a Forex account, or having your bank/credit card take very large comissions. However as store of value, there is no underlying value. It's true value is terribly negative, as energy was burned to "mine" a coin, and that coin can not be transferred back into energy. The last I heard it costs $30,000 in energy (depending on the part of the world) to mine coins.

 

It's extremely wasteful to mine the coins and generates more GHG the dirtier the power source is.

[BachChain]

14 hours ago, haris7saud said:

with the purpose of stealing user's' currency.

If only it had also been a monero miner.

[Tristerin]

4 hours ago, HarryNyquist said:

 

Who seriously uses cryptocurrency, is what I want to know. 

Me

 

Buy, trade, sell.  Rinse, repeat.

 

32 minutes ago, Kisai said:

 

It's extremely wasteful to mine the coins and generates more GHG the dirtier the power source is.

Depends what you identify as wasteful.  Most people don't understand the entire BTC enough to understand why it is very much still being mined today for profit.

 

It comes down to this:

When you have influence over a particular market where real money is exchanged and can manipulate crypto value through reduced profits in USD - it all is very much worth it, and while this is an opinion statement - Im actually living this "opinion".

 

 

[mr moose]

On 11/21/2019 at 7:02 AM, haris7saud said:

I am optimistic about crypto but due to its high volatility and just how complex the whole process is compared just buying stocks of a public company I wouldn't recommend crypto to basically anyone as of right now. Let's see what the future holds for it though.

At best Crypto currency is just going to be a currency like any other,  except no bank holding your wallet for you.  It will still be subject to all the same forces of economics.  At worst it'll die in a fire as a clever way for a few people to get rich in what is effectively an electronic pyramid scheme disguised as a rebellion against the system.