The official Monero Project website was compromised to deliver a cryptocurrency stealer on November 18.
The security issue was discovered after a user downloaded a 64-bit Linux command-line (CLI) Monero binary that contained a coin stealer.
The user found that the SHA256 hash computed for the downloaded binary did not match the SHA256 hash listed on the official website, suggesting that the two files were indeed different, most likely because of the presence of malicious code.
The user promptly reported the situation to Monero, which confirmed the hack today.
#Monero Security Warning:
CLI binaries available on https://t.co/UYopePqqdo may have been compromised at some point during the last 24h. Investigations ongoing. https://t.co/BqnONy4PPg
— Monero || #xmr (@monero) November 19, 2019
“Yesterday a GitHub issue about mismatching hashes coming from this website was opened. A quick investigation found that the binaries of the CLI wallet had been compromised and a malicious version was being served,” reads an advisory published by Monero on the official website. “The problem was immediately fixed, which means the compromised files were online for a very short amount of time. The binaries are now served from another, safe, source. See the reddit post by core team member binaryfate.”
The Monero team recommends that users who downloaded the CLI binary from the official website between Monday, February 18, at 2:30 AM UTC and 4:30 PM UTC verify the hashes of the binaries.
If the hashes do not match the official ones (https://getmonero.org/downloads/hashes.txt), users need to delete the files and download them again. The Monero team advises against running the compromised binaries.
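The check the Monero team asks for, as an added example that is not part of the original article or of the Monero project's own tooling: compute the SHA256 of the downloaded file and compare it with the digest published for that file name. The script assumes a hash list in which each line carries the file name and a 64-character hex digest (it tolerates either the `sha256sum` layout or a "name, digest" layout, since the exact format of the real hashes.txt is not reproduced here); the file name `monero-cli-linux-x64-EXAMPLE.tar.bz2` used in the usage note is a constructed placeholder, not a real release artifact.

```shell
#!/bin/sh
# verify_binary.sh: compare a downloaded file's SHA256 with the digest published
# for it in a hashes.txt-style list. Added example, not the Monero project's code.
set -eu

# Print the SHA256 of a file, using sha256sum (coreutils) or shasum (BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_binary <downloaded-file> <hash-list>
# Exit status: 0 = digest matches, 1 = digest mismatch, 2 = file not listed.
# Assumption: the hash list has one line per artifact containing the file name
# and a 64-hex-character SHA256 digest somewhere on that line.
verify_binary() {
    file="$1"
    list="$2"
    name=$(basename "$file")

    # Pick the first line mentioning this file name and pull out its digest.
    expected=$(grep -F -- "$name" "$list" | grep -o -E '[0-9a-fA-F]{64}' \
               | head -n 1 | tr 'A-F' 'a-f' || true)
    if [ -z "$expected" ]; then
        echo "NOT LISTED: $name does not appear in $list" >&2
        return 2
    fi

    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published SHA256"
        return 0
    fi

    # A mismatch means the file is not the one the publisher hashed: delete it
    # and download again rather than running it.
    echo "MISMATCH: $name" >&2
    echo "  published: $expected" >&2
    echo "  computed:  $actual" >&2
    return 1
}

# Run as: sh verify_binary.sh <downloaded-file> <hashes.txt>
if [ "$#" -eq 2 ]; then
    verify_binary "$1" "$2"
fi
```

Usage, with the placeholder file name: `sh verify_binary.sh monero-cli-linux-x64-EXAMPLE.tar.bz2 hashes.txt`. The script deliberately matches on the file name rather than on the whole line so that a renamed download is reported as "not listed" instead of silently passing; a digest comparison only proves the file is the one the publisher hashed, so the hash list itself should be fetched from the official source over HTTPS (and, where a signature is provided, verified) before it is trusted.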
Pedro Tavares is an information security professional working as an Ethical Hacker/Pentester, Malware Researcher and Security Evangelist. He is also a founding member of CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec Resources Institute and Cyber Defense Magazine) and the developer of 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.