Official Monero website is hacked to deliver currency-stealing malware

Dan Goodin

from Ars Technica - All content on 2019-11-20 02:19 (#4VCM2)

The official site for the Monero digital coin was hacked to deliver currency-stealing malware to users who were downloading wallet software, officials with GetMonero.com said on Tuesday.

The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page. Over the next several hours, users discovered that the miss-matching hash wasn't the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding.

"It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries," GetMonero officials wrote. "If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason."

Read 8 remaining paragraphs | Comments

index?i=ZAWppXRe4bo:EINdCyozrH8:V_sGLiPB

index?i=ZAWppXRe4bo:EINdCyozrH8:F7zBnMyn

Source	RSS or Atom Feed
Feed Location	http://feeds.arstechnica.com/arstechnica/index
Feed Title	Ars Technica - All content
Feed Link	https://arstechnica.com/