Monero users who downloaded files in the last 24 hours from the official crypto website could be exposed to a malware attack.
November 19, 2019, | AtoZ Markets – In the last 24 hours, Monero command-line interface (CLI) tools downloaded from getmonero.org may be compromised as related code doesn’t march with those in GitHub. For 35 minutes, a Redditor says, different CLI binaries were served.
This is a security risk and operators who ran infected binaries are been requested to move their Monero (XMR) from their wallet. Otherwise, they will lose them in what appears to be a sophisticated attempt to fleece miners. Miners are the gatekeepers of the anonymous and private network.
Move Monero to a safe wallet to avoid malware attack
Presently, this has been rectified and now files are available from a fallback source. Node operators who downloaded infected binaries without verifying if hashes match have been asked to move their funds out to a safe version of the Monero wallet away from the probably infected node bearing the malicious executable.
Operators are required to check the integrity and verify all binaries to see whether they are signed by Fluffypony’s GPG key. This recommendation is vital as doing so confirms that running binaries are sourced from the official Monero database and not from anywhere else.
Otherwise, failure to do so and operating infected files open doors for phishing and other attacks that could result in the loss of valuable XMR coins. To determine the integrity of binary files, authentic code is cryptographically signed while fake ones will always produce a different hash than in the GitHub file.
Upgrading Monero is an Attacking Vector?
There are two ways of upgrading the Monero code. Either using the CLI mode or through GUI. For those who are using the CLI binaries and seeking to upgrade to the latest version of Monero, the activation procedure involves the download, extraction, and transfer of the required binaries from old to new directories. Often, there is no need for blockchain resync.
Monero is one of the leading cryptocurrencies focused on privacy and censorship-resistant transactions. Realizing that sending and receiving addresses could be linked to a real-world identity, the Monero network adopted two main features from CryptoNote: Ring signatures and Unlinkable transactions.
Combined, these two features obfuscate addresses, and the amount sent meaning Monero transactions are literally untraceable and confidential as required. As a fungible, untraceable coin, related transactions cannot be censored at any point. The Kovri Project is under development and once launched, transacting parties would have their IP addresses hidden, a cushion against network monitoring.
Think we missed something? Let us know in the comments section below.