Monthly Archives: November 2019

Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware

monero website hacked

What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users’ wallets.

The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from the official site didn’t match the hashes listed on it.

Following an immediate investigation, the Monero team today also confirmed that its website, GetMonero.com, was indeed compromised, potentially affecting users who downloaded the CLI wallet between Monday 18th 2:30 am UTC and 4:30 pm UTC.


At this moment, it’s unclear how attackers managed to compromise the Monero website and how many users have been affected and lost their digital funds.

According to an analysis of the malicious binaries done by security researcher BartBlaze, attackers modified legitimate binaries to inject a few new functions in the software that executes after a user opens or creates a new wallet.


hacking monero cryptocurrency wallet

The malicious functions are programmed to automatically steal and send users’ wallet seed—sort of a secret key that restores access to the wallet—to a remote attacker-controlled server, allowing attackers to steal funds without any hassle.


“As far as I can see, it doesn’t seem to create any additional files or folders – it simply steals your seed and attempts to exfiltrate funds from your wallet,” the researcher said.

At least one GetMonero user on Reddit claimed to have lost funds worth $7000 after installing the malicious Linux binary.


I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary, a single transaction drained my wallet of all $7000,” the user wrote. “I downloaded the build yesterday around 6 pm Pacific time.”

GetMonero officials assured its users that the compromised files were online for a very short amount of time and that the binaries are now served from another safe source.


hacking monero cryptocurrency wallet

The officials also strongly advised users to check the hashes of their binaries for the Monero CLI software and delete the files if they don’t match the official ones.

“It’s strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 am UTC and 4:30 pm UTC, to check the hashes of their binaries,” GetMonero said.

“If they don’t match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.”

To learn how to verify hashes of the files on your Windows, Linux, or macOS system, you can head on to this detailed advisory by the official GetMonero team.

The identity of hackers is still unknown, and since the GetMonero team is currently investigating the incident, The Hacker News will update this article with any new developments.


Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.




via: thehackernews

Fitbit to Be Acquired by Google

Fitbit, Inc. (NYSE: FIT) today announced that it has entered into a definitive agreement to be acquired by Google LLC for $7.35 per share in cash, valuing the company at a fully diluted equity value of approximately $2.1 billion.

“More than 12 years ago, we set an audacious company vision – to make everyone in the world healthier. Today, I’m incredibly proud of what we’ve achieved towards reaching that goal. We have built a trusted brand that supports more than 28 million active users around the globe who rely on our products to live a healthier, more active life,” said James Park, co-founder and CEO of Fitbit. “Google is an ideal partner to advance our mission. With Google’s resources and global platform, Fitbit will be able to accelerate innovation in the wearables category, scale faster, and make health even more accessible to everyone. I could not be more excited for what lies ahead.”

“Fitbit has been a true pioneer in the industry and has created terrific products, experiences and a vibrant community of users,” said Rick Osterloh, Senior Vice President, Devices & Services at Google. “We’re looking forward to working with the incredible talent at Fitbit, and bringing together the best hardware, software and AI, to build wearables to help even more people around the world.”

Fitbit pioneered the wearables category by delivering innovative, affordable and engaging devices and services. Being “on Fitbit” is not just about the device – it is an immersive experience from the wrist to the app, designed to help users understand and change their behavior to improve their health. Because of this unique approach, Fitbit has sold more than 100 million devices and supports an engaged global community of millions of active users, utilizing data to deliver unique personalized guidance and coaching to its users. Fitbit will continue to remain platform-agnostic across both Android and iOS.

Consumer trust is paramount to Fitbit. Strong privacy and security guidelines have been part of Fitbit’s DNA since day one, and this will not change. Fitbit will continue to put users in control of their data and will remain transparent about the data it collects and why. The company never sells personal information, and Fitbit health and wellness data will not be used for Google ads.

The transaction is expected to close in 2020, subject to customary closing conditions, including approval by Fitbit’s stockholders and regulatory approvals.

Qatalyst Partners LLP acted as financial advisor to Fitbit, and Fenwick & West LLP acted as legal advisor.

About Fitbit, Inc. (NYSE: FIT)

Fitbit helps people lead healthier, more active lives by empowering them with data, inspiration and guidance to reach their goals. Fitbit designs products and experiences that track and provide motivation for everyday health and fitness. Fitbit’s diverse line of innovative and popular products include Fitbit Charge 3™, Fitbit Inspire HR™, Fitbit Inspire™ and Fitbit Ace 2™ activity trackers, as well as the Fitbit Ionic™ and Fitbit Versa™ family of smartwatches, Fitbit Flyer™ wireless headphones, and Fitbit Aria family of smart scales. Fitbit products are carried in approximately 39,000 retail stores and in 100+ countries around the globe. Powered by one of the world’s largest databases of activity, exercise and sleep data and Fitbit’s leading health and fitness social network, the Fitbit platform delivers personalized experiences, insights and guidance through leading software and interactive tools, including the Fitbit and Fitbit Coach apps, and Fitbit OS for smartwatches. Fitbit’s paid subscription service, Fitbit Premium, uses your unique data to deliver actionable guidance and coaching in the Fitbit app to help you reach your health and fitness goals. Fitbit Health Solutions develops health and wellness solutions designed to help increase engagement, improve health outcomes, and drive a positive return for employers, health plans and health systems.

Fitbit and the Fitbit logo are trademarks or registered trademarks of Fitbit, Inc. in the U.S. and other countries. Additional Fitbit trademarks can be found www.fitbit.com/legal/trademark-list. Third-party trademarks are the property of their respective owners.

Connect with us on Facebook, Instagram or Twitter and share your Fitbit experience.

Additional Information and Where to Find It

In connection with the proposed acquisition, Fitbit will file relevant materials with the Securities and Exchange Commission (the “SEC”), including a preliminary and definitive proxy statement. Promptly after filing the definitive proxy statement, Fitbit will mail the definitive proxy statement and a proxy card to the stockholders of Fitbit. FITBIT’S STOCKHOLDERS ARE URGED TO READ THE DEFINITIVE PROXY STATEMENT (INCLUDING ANY AMENDMENTS OR SUPPLEMENTS THERETO) CAREFULLY WHEN IT BECOMES AVAILABLE BEFORE MAKING ANY VOTING OR INVESTMENT DECISION WITH RESPECT TO THE PROPOSED TRANSACTION BECAUSE IT WILL CONTAIN IMPORTANT INFORMATION ABOUT THE PROPOSED TRANSACTION AND THE PARTIES TO THE PROPOSED TRANSACTION. Stockholders of Fitbit will be able to obtain a free copy of these documents, when they become available, at the website maintained by the SEC at www.sec.gov or free of charge at www.Fitbit.com.

Additionally, Fitbit will file other relevant materials in connection with the proposed acquisition of Fitbit by Google pursuant to the terms of an Agreement and Plan of Merger, by and among Fitbit, Google and Magnoliophyta Inc. (the “Merger Agreement”). Fitbit and its directors, executive officers and other members of its management and employees, under SEC rules, may be deemed to be participants in the solicitation of proxies of Fitbit stockholders in connection with the proposed acquisition. Stockholders of Fitbit may obtain more detailed information regarding the names, affiliations and interests of certain of Fitbit’s executive officers and directors in the solicitation by reading Fitbit’s most recent Annual Report on Form 10-K, which was filed with the SEC on March 1, 2019 and the proxy statement for Fitbit’s 2019 annual meeting of stockholders, which was filed with the SEC on April 11, 2019. These documents are available free of charge at the SEC’s website at www.sec.gov or by going to Fitbit’s Investor Relations website at www.Fitbit.com. Information concerning the interests of Fitbit’s participants in the solicitation, which may, in some cases, be different than those of Fitbit’s stockholders generally, will be set forth in the definitive proxy statement relating to the proposed transaction when it becomes available.

Forward-Looking Statements

This communication contains “forward-looking” statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, that involve risks and uncertainties. In some cases, you can identify these forward-looking statements by the use of terms such as “expect,” “will,” “continue,” or similar expressions, and variations or negatives of these words, but the absence of these words does not mean that a statement is not forward-looking. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including, but not limited to: any statements regarding the expected timing of the completion of the transaction; the ability of Google and Fitbit to complete the proposed transaction considering the various conditions to the transaction, some of which are outside the parties’ control, including those conditions related to regulatory approvals; the expected benefits and costs of the proposed transaction; any statements concerning the expected development or competitive performance relating to Fitbit’s products and services; any statements regarding Google’s future intention with Fitbit; any other statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. A number of important factors and uncertainties could cause actual results or events to differ materially from those described in these forward-looking statements, including without limitation: the failure to satisfy any of the conditions to the consummation of the proposed transaction, including the adoption of the Merger Agreement by Fitbit’s stockholders and the receipt of certain governmental and regulatory approvals; the occurrence of any event, change or other circumstance that could give rise to the termination of the Merger Agreement; the outcome of any legal proceedings that may be instituted against Fitbit related to the Merger Agreement or the proposed transaction; unexpected costs, charges or expenses resulting from the proposed transaction; the occurrence of a Company Material Adverse Effect (as defined in the Merger Agreement); and other risks that are described in the reports of Fitbit filed the SEC, including but not limited to the risks described in Fitbit’s Annual Report on Form 10-K for its fiscal year ended December 31, 2018, and that are otherwise described or updated from time to time in other filings with the SEC. Fitbit assumes no obligation to update the information in this communication, except as otherwise required by law. Readers are cautioned not to place undue reliance on these forward-looking statements that speak only as of the date hereof.

View source version on businesswire.com: https://www.businesswire.com/news/home/20191101005318/en/

Fitbit
Investor Contact: Tom Hudson, (415) 604-4106 investor@fitbit.com
Media Contact: Jen Ralls, (415) 941-0037 PR@fitbit.com

Source: Fitbit, Inc.