Skip to main content

Hackers Exploiting 'Bitmessage' Zero-Day to Steal Bitcoin Wallet Keys



Bitmessage developers have warned of a critical 'remotely executable' zero-day vulnerability in the PyBitmessage application that was being exploited in the wild.

Bitmessage is a Peer-to-Peer (P2P) communications protocol used to send encrypted messages to users. Since it is decentralized and trustless communications, one need-not inherently trust any entities like root certificate authorities.

Those who unaware, PyBitmessage is the official client for Bitmessage messaging service.

According to Bitmessage developers, a critical zero-day remote code execution vulnerability, described as a message encoding flaw, affects PyBitmessage version 0.6.2 for Linux, Mac, and Windows and has been exploited against some of their users.
"The exploit is triggered by a malicious message if you are the recipient (including joined chans). The attacker ran an automated script but also opened, or tried to open, a remote reverse shell," Bitmessage core developer Peter Šurda explained in a Reddit thread.
"The automated script looked in ~/.electrum/wallets [Electrum wallets], but when using the reverse shell, he had access to other files as well. If the attacker transferred your Bitcoins, please contact me (here on Reddit)."
Moreover, hackers also targeted Šurda. Since his Bitmessage addresses were most likely considered to be compromised, he suggested users not to contact him at that address.
"My old Bitmessage addresses are to be considered compromised and not to be used," Šurda tweeted.
Šurda believes that the attackers exploiting this vulnerability to gain remote access are primarily looking for private keys of Electrum bitcoin wallets stored on the compromised device, using which they could/might have stolen bitcoins.

Bitmessage developers have since fixed the vulnerability with the release of new PyBitmessage version 0.6.3.2.

So, if you are running an affected version of PyBitmessage, you are highly recommended to upgrade your software to version 0.6.3.2.

Since the vulnerability affects PyBitmessage version 0.6.2 and not PyBitmessage 0.6.1, alternatively you can also consider, as suggested by Šurda, downgrading your application to mitigate yourself from potential zero-day attacks.

Although the developers did not reveal more details about the critical vulnerability, Šurda advised users to change all their passwords and create new Bitmessage keys, if they have any suspicion of their computers being compromised.

Binary files for Windows and OSX are expected to become available on Wednesday.

The investigation into these attacks is still ongoing, and we will update this article with more information as it becomes available.

Stay Tuned! Stay Safe!

Labels:
Location: India

Comments

Post a Comment

Popular posts from this blog

Google starts rolling out ‘Call Screen’ feature for Pixel smartphones

San Francisco, Dec 2 (IANS) Google has started rolling out a feature for its Pixel smartphones that lets users make use of the Google Assistant to see who is calling and why before they answer a call. The feature allows users to see a real-time transcript of how the caller responds so that they can then decide whether to pick up, respond by tapping a quick reply (for example, “I’ll call you back later”), or mark the call as spam and dismiss. “Call Screen is only available to English speakers in the United States who have Pixel 2, 2 XL, 3, or 3XL devices. If you don’t see Call Screen in the Phone app’s settings, it’s not available yet,” Google said. Call Screen, which can help users save the time spent on picking up unimportant calls from unknown numbers, does not use Wi-Fi or mobile data of the user. This feature does not work with third-party call recording and screen recording apps as these apps may interfere with how the feature works. It is better to turn off these app...
Post a Comment
Read more

Chrome Web Browser Will Now Use 10% More RAM With Spectre Fix

A new security feature named ‘Site Isolation’ has been introduced for Google Chrome 67 which would nullify the effects of speculative execution side-channel attacks like Spectre. To put things to the perspective, Spectre is one of the two fundamental design flaws in the  modern processors, which allow programs to get access to the data for which it is not authorized. Malicious data can exploit this flaw to steal your password and other personal information. What is Site Isolation? The new Site Isolation feature introduced in Google Chrome 67 brings about a fundamental change to Chrome’s architecture. Now, Chrome has changed how its multi-process architecture worked and different tabs used different render processes. According to the new architecture, Chrome limits each renderer process to a single site. By this separation of processes, Google aims to prevent direct memory reading across different processes to safeguard users’ data. According to G...
Post a Comment
Read more

Facebook Fined £500,000 for Cambridge Analytica Data Scandal

Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users. The fine has been imposed by the UK's Information Commissioner's Office ( ICO ) and was calculated using the UK's old Data Protection Act 1998 which can levy a maximum penalty of £500,000 — ironically that’s equals to the amount Facebook earns every 18 minutes. The news does not come as a surprise as the U.K.'s data privacy watchdog already notified the social network giant in July this year that the commission was intended to issue the maximum fine. For those unaware, Facebook has been under scrutiny since earlier this year when it was revealed that the personal data of 87 million users was improperly gathered and misused by political consultancy firm Cambridge Analytica, who reportedly helped Donald Trump win the US presidency in 2016. The ICO, who launched an investigatio...
Post a Comment
Read more