GetMonero, the official Monero website, has been hacked by criminals to distribute cryptocurrency-stealing malware
GetMonero, the official website of the Monero cryptocurrency project, was compromised by criminals to distribute cryptocurrency-stealing malware. The compromise was discovered by a user who noticed that the cryptographic hash of the command-line (CLI) wallet binary he had downloaded from the official site did not match the hash listed there. The Monero project then issued a warning about the incident: “It’s strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If they don’t match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.” At this point it is unclear how many users were affected, but according to the security news site The Hacker News, at least one GetMonero user on Reddit claimed to have lost funds worth $7,000 after installing the malicious Linux binary.
Security researcher Bart Blaze: the attackers injected malicious functions into the wallet software that execute after a user opens or creates a wallet
According to security researcher Bart Blaze, the attackers modified the legitimate binaries to inject a few new functions into the code path that executes after a user opens or creates a wallet. The injected functions automatically steal the user's wallet seed (the secret phrase from which the wallet's keys are derived and from which access to the wallet can be restored) and send it to a remote attacker-controlled server, letting the attackers drain the funds at their leisure. Blaze also warned that Monero is neither the first nor likely the last cryptocurrency project whose website and binaries get compromised. To counter cryptocurrency-stealing malware, watch online accounts closely, especially those holding financial value. Use strong passwords, use MFA (or 2FA) where possible, and stay vigilant. Finally, verify the hashes of every new version before running it.
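The check both the Monero project's warning and Blaze's advice come down to is the one the Reddit user performed by hand: compute the hash of every downloaded archive and compare it against the published list before running anything. The script below is an added example written for this article, not code from the Monero project or from Bart Blaze. It parses a hash list in the `sha256sum` layout (hex digest, whitespace, file name), hashes the files on disk in chunks, and reports each file as matching, mismatching, or not present. The file names, version number and archive contents are constructed for the demo and are not the real release artifacts.

```python
"""Verify downloaded wallet binaries against a published SHA-256 hash list.

Added example for this article; not the Monero project's own tooling.
"""
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large release archives don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_hash_list(text):
    """Parse 'hexdigest  filename' lines (sha256sum format) into {filename: digest}.

    Blank lines and '#' comments are ignored; a leading '*' on the file name
    (sha256sum's binary-mode marker) is stripped; lines that do not carry a
    64-hex-character digest are skipped rather than trusted.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        digest, name = parts
        try:
            int(digest, 16)          # reject lines whose "digest" is not hex
        except ValueError:
            continue
        expected[name.lstrip("*")] = digest.lower()
    return expected


def verify_downloads(directory, hash_list_text):
    """Return {filename: 'ok' | 'MISMATCH' | 'missing'} for every entry in the list."""
    expected = parse_hash_list(hash_list_text)
    results = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        actual = sha256_file(path)
        # compare_digest is not strictly needed for public hashes, but it is
        # the habit to keep for any comparison of secret-derived values.
        results[name] = "ok" if hmac.compare_digest(actual, digest) else "MISMATCH"
    return results


def demo():
    """Constructed scenario: one genuine archive, one tampered archive, one not downloaded.

    The archive names mimic a Monero CLI release but the contents are made up.
    """
    with tempfile.TemporaryDirectory() as d:
        genuine = b"genuine wallet archive bytes"
        with open(os.path.join(d, "monero-linux-x64-v0.15.0.0.tar.bz2"), "wb") as f:
            f.write(genuine)
        # The Windows archive on disk differs from what the hash list says it should be,
        # which is exactly the symptom the Reddit user spotted.
        with open(os.path.join(d, "monero-win-x64-v0.15.0.0.zip"), "wb") as f:
            f.write(b"tampered wallet archive bytes")
        hash_list = "\n".join([
            "# constructed hashes.txt for this example, not the project's real list",
            f"{hashlib.sha256(genuine).hexdigest()}  monero-linux-x64-v0.15.0.0.tar.bz2",
            f"{hashlib.sha256(b'original windows archive').hexdigest()}  *monero-win-x64-v0.15.0.0.zip",
            f"{hashlib.sha256(b'mac archive').hexdigest()}  monero-mac-x64-v0.15.0.0.tar.bz2",
        ])
        return verify_downloads(d, hash_list)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9s} {name}")
```

The caveat a practitioner should keep in mind: this check only works because the attackers replaced the binaries but not the hash list on the same site. An attacker with write access to the web server can usually update both, so the hash list should be obtained from a source the attacker does not control, ideally a signed list (Monero publishes a GPG-signed hashes file) verified with a signing key fetched out of band, and the comparison should happen before the first run of the wallet, not after.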