The official website of the Monero Project has been compromised to serve a malware-infected version of the CLI (command-line interface) wallet.
The malicious file was available for download for around 14 hours and at least one of the users who downloaded the malware has had their funds stolen.
What happened?
On Tuesday (November 18), a user noticed that the SHA256 hash sum of the 64-bit Linux binary he downloaded from the site did not match the one listed on it, which means that the file had been modified.
The Monero Project team began investigating and confirmed they’ve been compromised.
“It’s strongly recommended to anyone who downloaded the CLI wallet from [web.getmonero.org] between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If they don’t match the official ones, delete the file ..
Support the originator by clicking the read the rest link below.
