Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware (Nov 20, 2019)
The Monero cryptocurrency project website was compromised by an attacker who replaced the clean Linux and Windows downloads with malicious versions designed to steal from victims' digital wallets. According to researchers from BartBlaze, the binaries were injected with new functions that send the victim's “wallet seed” (a secret key) to the attackers. The seed allows a user to restore access to the wallet, so possessing it gives the attackers the ability to steal any cryptocurrency the victim had stored. The issue was discovered on Monday when a user noticed that the hashes of the downloaded binaries did not match the ones listed on the site. The Monero team confirmed on Wednesday 20 November that they had been compromised. The identity of the attackers is still unknown.
Recommendation: Users of the Monero project are advised to verify that their wallet binaries match the hash values of the official ones published on the website. Cryptocurrencies are a popular target for criminals and nation states alike, as they offer potentially high returns with relative anonymity.
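The check recommended above, verifying a downloaded binary against a published hash, is shown below as an added example; it is not code from the page or from the Monero project. It assumes the hash list uses the two-column `<sha256>  <filename>` layout that `sha256sum` produces, streams the file through SHA-256 so large archives need not fit in memory, and fails closed on any name that is missing from the list. The file names and contents in `demo()` are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdefABCDEF")


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 in 1 MiB chunks and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_hash_list(text):
    """Parse lines of '<hex digest>  <filename>' into {filename: digest}.

    Blank lines and '#' comments are skipped; a line that does not carry a
    64-character hex digest plus one file name raises ValueError rather than
    being silently ignored, so a corrupted list cannot pass as an empty one.
    """
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2 or len(parts[0]) != 64 or not set(parts[0]) <= HEX_DIGITS:
            raise ValueError(f"malformed hash list line {lineno}: {line!r}")
        digest, name = parts
        expected[name] = digest.lower()
    return expected


def verify_download(path, expected):
    """Return (ok, reason). ok is True only when the file's SHA-256 equals the
    published digest for its basename; unknown file names fail closed."""
    name = os.path.basename(path)
    if name not in expected:
        return False, f"{name} is not present in the published hash list"
    actual = sha256_file(path)
    # compare_digest gives a constant-time comparison of the two hex strings.
    if not hmac.compare_digest(actual, expected[name]):
        return False, f"SHA-256 mismatch for {name}: got {actual}, expected {expected[name]}"
    return True, f"{name} matches the published SHA-256"


def demo():
    """Build a constructed release in a temp directory, publish its hash, then
    check a clean copy and a modified copy. Returns (clean_ok, modified_ok, reason)."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed release archive; the name is a placeholder, not a real Monero file.
        clean = os.path.join(d, "wallet-linux-x64.tar.bz2")
        with open(clean, "wb") as f:
            f.write(b"clean release bytes" * 1000)

        # Publisher side: the hash list is generated from the clean build.
        hash_list = f"{sha256_file(clean)}  {os.path.basename(clean)}\n"
        expected = parse_hash_list(hash_list)
        clean_ok, _ = verify_download(clean, expected)

        # A served copy that differs by a single appended byte, standing in for
        # a download that was swapped after the hash list was published.
        served_dir = os.path.join(d, "served")
        os.makedirs(served_dir)
        modified = os.path.join(served_dir, os.path.basename(clean))
        with open(clean, "rb") as src, open(modified, "wb") as dst:
            dst.write(src.read() + b"\x00")
        modified_ok, reason = verify_download(modified, expected)
        return clean_ok, modified_ok, reason


if __name__ == "__main__":
    for line in demo():
        print(line)
```

One caveat worth keeping in mind: a hash list served from the same site as the binaries protects only against the binaries being swapped without the list, which is what was noticed in this incident. If an attacker controls the site well enough to replace both, the comparison passes anyway, so checking a detached signature with the project's signing key, or comparing the digest with a copy of the list obtained from an independent source, is the stronger check.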
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.