The development team of Bitcoin's desktop portfolio, Electrum, shared on Sunday, January 7, its latest system update to correct the vulnerability to possible theft of funds by exploiting a bug found in its code.
As explained in the official post, anyone who opens their wallet without a password phrase (passphrase) and who has a web page open at the same time, would be exposed to thefts in their Bitcoin portfolios, originating from random online sites via JavaScript. Electrum purses are vulnerable in versions 2.6 to 3.0.3. Also the software for Bitcoin Cash called Electron Cash. To avoid problems, recommend closing the portfolio immediately and update to the latest version of the portfolios.
If at any time in the past you:
Electrum has been opened without having an established passphrase; and has had an open web page; Then it is likely that your portfolio is already compromised. Particularly paranoid people may want to send all the BTCs in their old portfolios to a newly generated Electrum portfolio. (Although probably if someone owns your wallet, then they probably would have already stolen all the BTCs in it).
Electrum Wallet
To solve this, a first update of the system under number 3.0.4 was offered through the official Twitter of the developers, although shortly after it was discarded for remaining vulnerable to attack.
A few hours later the final version 3.0.5 was released, which definitively corrects security problems. It is recommended not to use the portfolio with open websites until the update is made, regardless of which version it belongs to. Once installed, the application will have a different executable file than the version previously used, but both the portfolio and the previous configuration of passwords and preferences will remain intact.
The attacks of viruses and malware that steal funds in Bitcoin are increasingly common in all parts of the world. Quant Trojan malicious software has recently been updated in its design to look for credentials of bitcoin portfolios and other cryptoactives. This now includes new default files, such as bs.dll.c, which steals cryptoactives and sql.dll.c, which is responsible for stealing credentials. It is available for purchase in clandestine Internet forums in Russia, being publicized by MrRaiX and DamRaiX users.
According to the British security company Sophos, ransomware attacks are on the rise and 2018 will be one of the peak years of this cyber-extortion scheme. So the best thing to do is always keep the antivirus updated and be alert to any potential attack.
@OriginalWorks
Karşılıklı beğeni ?