Developers have found that a fake version of a popular Bitcoin wallet comes equipped with the ability to steal users’ seeds.
On 9 May, the Electrum team published a document on GitHub calling out “Electrum Pro” as “stealware” and “bitcoin-stealing malware.”
According to the developers, the individuals behind Electrum Pro took control of “electrum dot com” and created a website with a slightly different design and logo than the Bitcoin wallet’s actual website, which is located at electrum.org. When called out as scammers, those managing Electrum Pro responded on Reddit by saying their website is a fork of the Electrum project. They went on to state that their work aims to help “improve the user experience.”
Electrum’s developers have long suspected that these copycats were up to no good, but they had no “formal evidence” of any wrongdoing, so all they could do was warn users to be careful.
That changed when they decided to do a public security audit of one of Electrum Pro’s Windows binaries.
The developers downloaded the binary from Electrum Pro’s website, uncompressed the zip, unpacked the binary, decompiled it and had a look at the output. Something immediately stood out for them. As they wrote on GitHub:
In this binary, a few extra lines have been added by the scammers: A thread is started that sends an HTTP POST request to their website, and its payload is the user’s seed. This demonstrates that “Electrum Pro” is bitcoin-stealing malware.
For their analysis, Electrum’s developers looked at just one of Electrum Pro’s Windows binaries. They confirmed that the .dmg file for Mac users contains the same modifications as the (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/devs-find-fake-version-of-bitcoin-wallet-stealing-users-seeds/