
Monero Project website has been compromised to deliver a coin stealer


The official website of the Monero Project was compromised on November 18 to deliver a cryptocurrency stealer.

The hack was discovered after a user downloaded a Linux 64-bit command line (CLI) Monero binary that contained a coin stealer.

The user discovered that the SHA256 hash calculated for the downloaded binary did not match the SHA256 hash listed on the official site, suggesting that the two files differed, most likely because malicious code had been added.

The user reported his discovery to the Monero team that confirmed the hack today.

“Yesterday a GitHub issue about mismatching hashes coming from this website was opened. A quick investigation found that the binaries of the CLI wallet had been compromised and a malicious version was being served,” reads an advisory published by Monero on the official website. “The problem was immediately fixed, which means the compromised files were online for a very short amount of time. The binaries are now served from another, safe, source. See the reddit post by core team member binaryfate.”

The Monero team recommends that users who downloaded the CLI wallet from its official website between Monday, November 18, 2:30 AM UTC and 4:30 PM UTC check the hashes of their binaries. If the hashes do not match the official ones (https://getmonero.org/downloads/hashes.txt), users should delete the files and download them again. The Monero team advises against running the compromised binaries.

Monero maintainers published links to two guides that explain how to check the authenticity of the binaries: “Verify binaries on Windows” (beginner) and “Verify binaries on Linux, Mac, or Windows command line” (advanced). Together they cover checking that downloaded binaries have the correct hashes on Windows, Linux and macOS.

Although the Windows and macOS files have not been reported as compromised, users of all platforms should check the hashes of every downloaded Monero binary, since any of them could have been swapped for a malicious version.
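A shell version of the hash check the article recommends, added here as an example (it is not the article's or the Monero project's own code). It assumes that hashes.txt is a PGP clear-signed list with "<sha256>  <filename>" entries and "#" comment lines, and that the signer's public key has already been imported into the local gpg keyring; the file names in the usage line are placeholders. It verifies the signature on the hash list first, because a site that can swap a binary can swap an unsigned hash list just as easily, and then compares the computed SHA-256 of the download with the published one, refusing the file on a mismatch.

```shell
#!/bin/sh
# Added example (not from the article or the Monero project): verify a downloaded
# Monero binary against the project's published hashes.txt before running it.
# Assumptions: hashes.txt is a PGP clear-signed list whose entries are
# "<sha256>  <filename>" lines (comment lines start with "#"); the signer's
# public key is already in the local gpg keyring.

# sha256_of FILE: print the hex SHA-256 of FILE using whichever tool is present
# (sha256sum on Linux, shasum on macOS, openssl as a last resort).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_hash_list_signature HASHES_FILE: check the PGP clear-signature on the
# hash list itself; without it the comparison below only proves the download
# matches whatever the (possibly compromised) site says it should.
# Fails closed when gpg is missing instead of silently trusting the list.
verify_hash_list_signature() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not installed; cannot verify signature on $1" >&2
        return 1
    fi
    gpg --verify "$1"
}

# verify_binary FILE HASHES_FILE
# Exit status: 0 = hash matches the published one; 1 = mismatch (treat the
# file as tampered and do not run it); 2 = no entry for FILE's name in the list.
verify_binary() {
    file=$1
    hashes=$2
    name=$(basename "$file")
    # First non-comment line whose second field is exactly our file name.
    expected=$(awk -v n="$name" '$1 !~ /^#/ && $2 == n {print tolower($1); exit}' "$hashes")
    if [ -z "$expected" ]; then
        echo "no published hash for $name in $hashes" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH for $name" >&2
    echo "  published: $expected" >&2
    echo "  computed:  $actual" >&2
    echo "  Delete the file and download it again; do not run it." >&2
    return 1
}

# Usage: sh verify_monero.sh <downloaded-file> hashes.txt
# Both checks must pass before the download is trusted.
if [ "$#" -eq 2 ]; then
    verify_hash_list_signature "$2" && verify_binary "$1" "$2"
fi
```

Run it from the directory holding the download and the hashes.txt fetched from the project's downloads page; a non-zero exit means stop and re-download. The lookup is keyed on the file's base name, so a renamed download will report "no published hash" (exit 2) rather than a false match.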

Monero project contributor SerHack confirmed that the tainted binary contained a coin stealer.

moneromanz, one of the users who downloaded the compromised Monero binaries, confirmed the presence of a coin stealer.

“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet,” said moneromanz. “I downloaded the build yesterday around 6pm Pacific time.”

“I have not completed any malware analysis as of yet, but I’d like to get to the bottom of whether the binary is limited to stealing xmr, or also tries to compromise the machine as a whole or any of its files.”

Moneromanz uploaded the coin stealer to “https://anonfile[.]com/bbq8h9Bdn7/monero-wallet-cli” to allow other experts to analyze it.

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)
