Bitmessage, the P2P communications protocol, has experienced a malware attack. Hackers exploited a zero-day vulnerability to access bitcoin wallets and steal funds. Bitmessage developers have released an updated version of the app containing a fix for the vulnerability.
The attack targeted Bitmessage’s desktop application, PyBitmessage. The app’s core developer, Peter Surda, advised all users to change their passwords and create new Bitmessage keys. He warned that anyone using PyBitmessage 0.6.2 or later must shut down the app until further notice.
Surda stated on GitHub that anyone who has joined the "test" chan on Windows, or has a Unix-like system, may be affected. Interestingly, another group of people suffering from this hack could be ransomware developers. The app’s decentralized P2P nature makes it ideal for hackers to send encrypted messages to their victims for ransom-negotiating purposes.
Fortunately, there has not yet been any report of losses. Surda disclosed that the vulnerability only allowed a minor attack. He said that the execution probably crashed before inflicting any damage to the network. Users are still advised to remain alert. Surda warned that the hackers were not just after bitcoin wallets and could be after other files as well.
The developers’ logs initially showed that the hackers were attempting to access only the files related to bitcoin wallets. These files contained the private keys of bitcoin holders. With access to these keys, the hackers can easily move funds out of the affected accounts and into their personal accounts.
Later, however, the Bitmessage team discovered that the hackers had tried to open a remote reverse shell as well. It cannot be said for sure whether the hackers were successful in their attempts. Unfortunately, if they were able to open the reverse shell, then they would have been able to access files other than just the bitcoin wallets.
The hack was reportedly triggered by a malicious message sent to Bitmessage users. "This is not a drill, the exploit can have serious consequences," Surda wrote. PyBitmessage version 0.6.3.2 has been released to resolve this issue. Users are advised to install the updated version without delay. Mac and Windows users are advised to downgrade to 0.6.1 until their respective binaries are released in the coming days.