- Hackers Exploiting ‘Bitmessage’ Zero-Day to Steal Bitcoin Wallet Keys
Bitmessage is a Peer-to-Peer (P2P) communications protocol used to send encrypted messages to users. It uses strong authentication which means that the sender of a message cannot be spoof, and it aims to hide “non-content” data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. According to the latest report Bitmessage developers have warned of a critical ‘remotely executable’ zero-day vulnerability in the PyBitmessage application that was being exploited in the wild. The flaw affects PyBitmessage version 0.6.2 for Linux, Mac, and Windows and has been exploited against some of their users. The exploit is triggered by a malicious message if you are the recipient (including joined chans). The attacker ran an automated script but also opened, or tried to open, a remote reverse shell,” Bitmessage core developer Peter Šurda explained in a Reddit thread. Bitmessage developers have since fixed the vulnerability with the release of new PyBitmessage version 0.6.3.2.
Cyber Security Tips: Users are highly recommended to upgrade your software to version 0.6.3.2.
- Hackers use Google Ads to steal $50 million of Bitcoin
Another day, another Bitcoin scam, but this time hackers used Google Ads service. The unknown hacker used Google Adwords and Google Sites to spread malware from Google search engine. Its detailed analysis is available here. Now, a similar scam has been bust by IT security researchers at Talos cybersecurity team in which a group of Ukranian hackers stole $50 million worth of cryptocurrency from users and investors at Blockchain.info, a Luxembourg based prominent Bitcoin cryptocurrency wallets and block explorer service providers. Hackers bought advertisement slot using Google Adwords, meaning if a user searched for terms like “blockchain” or “bitcoin wallet,” the search results would display spoofed website carrying the exact same design as the original one. This tricked users into believing that they are on the official website and logged in with their credentials allowing hackers to access their wallets and steal cryptocurrency.
Cyber Security Tips: If you are into cryptocurrency business stays safe online and do not fall for such scams. Moreover, it is advised not to storing your funds of an online wallet, use hardware Bitcoin wallets, and avoid clicking on any ads.