![]() The automated script looked in ~/.electrum/wallets, but when using the reverse shell he had access to other files as well.”īitmessage developers are still investigating the attacks. “The attacker ran an automated script but also opened, or tried to open, a remote reverse shell. “The exploit is triggered by a malicious message if you’re the recipient (including joined chans ),”Šurda wrote on Reddit thread. It also aims to hide 'non-content' data, like the sender and receiver of messages, from eavesdroppers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. Šurda speculates the attacker exploited the zero-day to create a remote shell and steal bitcoins from Electrum wallets. Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. Users are recommended to change their passwords and create new bitmessage keys. “Bitmessage developer Peter Šurda’s addresses are to be considered compromised.” continues the advisory. The developers highlighted that PyBitmessage 0.6.1 is not affected by the vulnerability, this means that users can also downgrade their version to mitigate the attacks.Īccording to the security advisor, hackers targeted also the Bitmessage core developer Peter Šurda, his keys were most likely compromised for this reason he has created a new support address. The message encoding vulnerability has been patched with the release of version 0.6.3.2. Alternatively you may downgrade to 0.6.1 which is unaffected.” reads the advisory. If you run PyBitmessage via code, we highly recommend that you upgrade to 0.6.3.2. The cause was identified and a fix has been added and released as 0.6.3.2. “A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. According to the security advisory published by the development team developers, hackers exploited the flaw in attacks against users running PyBitmessage 0.6.2.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |