{"id":31931,"date":"2019-11-20T15:03:12","date_gmt":"2019-11-20T15:03:12","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/30703\/Official-Monero-Website-Hacked-Delivers-Backdoored-Software.html"},"modified":"2019-11-20T15:03:12","modified_gmt":"2019-11-20T15:03:12","slug":"official-monero-website-hacked-delivers-backdoored-software","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/","title":{"rendered":"Official Monero Website Hacked, Delivers Backdoored Software"},"content":{"rendered":"<div><strong><span>Introduction<\/span><\/strong><\/div>\n<div>Earlier this evening I saw a tweet appear which claimed Monero has been hacked and a malicious binary (instead of the real one) has been served:<\/div>\n<div>\n<blockquote class=\"twitter-tweet\">\n<div dir=\"ltr\" lang=\"en\">Warning Monero users: If you downloaded Monero in the past 24 hours you may have installed malware. Monero&#8217;s official website served compromised binaries for at least 30 minutes during the past 24 hours. Investigations are ongoing. <a href=\"https:\/\/t.co\/geqA4dIPar\">https:\/\/t.co\/geqA4dIPar<\/a><\/div>\n<p>\u2014 dark.fail (@DarkDotFail) <a href=\"https:\/\/twitter.com\/DarkDotFail\/status\/1196668999519657984?ref_src=twsrc%5Etfw\">November 19, 2019<\/a><\/p><\/blockquote>\n<\/div>\n<div>Post on Reddit:<br \/><a href=\"https:\/\/www.reddit.com\/r\/Monero\/comments\/dyfozs\/security_warning_cli_binaries_available_on\/\">https:\/\/www.reddit.com\/r\/Monero\/comments\/dyfozs\/security_warning_cli_binaries_available_on\/<\/a><\/p>\n<p>Github issue:<br \/><a href=\"https:\/\/github.com\/monero-project\/monero\/issues\/6151\">https:\/\/github.com\/monero-project\/monero\/issues\/6151<\/a><\/p>\n<p><strong><span>Linux binary<\/span><\/strong><\/p>\n<p>Thanks to user&nbsp;nikitasius I was able to retrieve the malicious binary:<br \/><a href=\"https:\/\/github.com\/monero-project\/monero\/issues\/6151#issuecomment-555511805\">https:\/\/github.com\/monero-project\/monero\/issues\/6151#issuecomment-555511805<\/a><\/p>\n<p>This binary is an ELF file with the following properties:<\/p>\n<ul>\n<li>MD5: d267be7efc3f2c4dde8e90b9b489ed2a<\/li>\n<li>SHA-1: 394bde8bb86d75eaeee69e00d96d8daf70df4b0a<\/li>\n<li>SHA-256: ab9afbc5f9a1df687558d570192fbfe9e085712657d2cfa5524f2c8caccca31<\/li>\n<li>File type: ELF<\/li>\n<li>Magic:&nbsp;ELF 64-bit LSB shared object, x86-64, version 1 (GNU\/Linux), dynamically linked (uses shared libs), for GNU\/Linux 3.2.0, from &#8216;x)&#8217;, not stripped<\/li>\n<li>File size:&nbsp;27.63 MB (28967688 bytes)<\/li>\n<\/ul>\n<div>When comparing the legitimate file and this ELF file, we notice the file size is different, and a few new functions have been added:<\/div>\n<div><strong>cryptonote::simple_wallet::send_seed<\/strong><\/div>\n<div>This function is immediately called after either opening or creating a new wallet, as can be seen in Figure 1 and 2 below.<\/div>\n<div>\n<table cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/1.bp.blogspot.com\/-XHNEOBK6e7k\/XdRcYIFLrKI\/AAAAAAAACQg\/LZPntlADAIYAlM_oSaenYzbA7U0fa4QyQCLcBGAsYHQ\/s1600\/create_wallet.PNG\" imageanchor=\"1\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" data-original-height=\"312\" data-original-width=\"720\" height=\"172\" src=\"https:\/\/1.bp.blogspot.com\/-XHNEOBK6e7k\/XdRcYIFLrKI\/AAAAAAAACQg\/LZPntlADAIYAlM_oSaenYzbA7U0fa4QyQCLcBGAsYHQ\/s400\/create_wallet.PNG\" width=\"400\"><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\">Figure 1 &#8211; Create wallet (legitimate)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/p>\n<table cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/1.bp.blogspot.com\/-vJ1q_yGPD5s\/XdRcYARrHeI\/AAAAAAAACQk\/HjcObVCjKzIdNq6fWtxLjyWS0QcmKXqwwCLcBGAsYHQ\/s1600\/seed.png\" imageanchor=\"1\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" data-original-height=\"652\" data-original-width=\"1600\" height=\"162\" src=\"https:\/\/1.bp.blogspot.com\/-vJ1q_yGPD5s\/XdRcYARrHeI\/AAAAAAAACQk\/HjcObVCjKzIdNq6fWtxLjyWS0QcmKXqwwCLcBGAsYHQ\/s400\/seed.png\" width=\"400\"><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\">Figure 2 &#8211; Call new seed function<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The seed will be sent to: node.hashmonero[.]com.<\/p>\n<p><strong>cryptonote::simple_wallet::send_to_cc<\/strong><\/p>\n<p>As you may have guessed, this function will send data off to the CC or C2 (command and control) server &#8211; this will be stolen funds.<\/p>\n<table align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/1.bp.blogspot.com\/-md4Kntj_F9Q\/XdRgmp8vKrI\/AAAAAAAACQ8\/smW9J4qlWGI425t6jZvhJHLqYIEhGOgZQCLcBGAsYHQ\/s1600\/sendtocc.PNG\" imageanchor=\"1\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" data-original-height=\"151\" data-original-width=\"737\" height=\"81\" src=\"https:\/\/1.bp.blogspot.com\/-md4Kntj_F9Q\/XdRgmp8vKrI\/AAAAAAAACQ8\/smW9J4qlWGI425t6jZvhJHLqYIEhGOgZQCLcBGAsYHQ\/s400\/sendtocc.PNG\" width=\"400\"><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\">Figure 3 &#8211; Send to cc<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Sending funds to the C2 is handled using an HTTP POST request to the following C2 servers:<\/p>\n<ul>\n<li>node.xmrsupport[.]co<\/li>\n<li>45.9.148[.]65<\/li>\n<\/ul>\n<p>As far I can see, it doesn&#8217;t seem to create any additional files or folders &#8211; it simply steals your seed and attempts to exfiltrate funds from your wallet.<\/p>\n<p><strong><span>Windows binary<\/span><\/strong><\/p>\n<p>The C2 server 45.9.148[.]65 also hosts a Windows binary with the following properties:<\/p>\n<ul>\n<li>MD5: 72417ab40b8ed359a37b72ac8d399bd7<\/li>\n<li>SHA-1:&nbsp;6bd94803b3487ae1997238614c6c81a0f18bcbb0<\/li>\n<li>SHA-256:&nbsp;963c1dfc86ff0e40cee176986ef9f2ce24fda53936c16f226c7387e1a3d67f74<\/li>\n<li>File type:&nbsp;Win32 EXE<\/li>\n<li>Magic:&nbsp;PE32+ executable for MS Windows (console) Mono\/.Net assembly<\/li>\n<li>File size:&nbsp;65.14 MB (68302960 bytes<\/li>\n<\/ul>\n<p>The Windows version is essentially doing the same things as the Linux version &#8211; stealing your seed and wallet funds &#8211; the function names are just different, e.g.&nbsp;<strong>_ZN10cryptonote13simple_wallet9send_seedERKN4epee15wipeable_stringE<\/strong>.<\/p>\n<table cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/1.bp.blogspot.com\/-xsAa0ktat4c\/XdRjsnm78aI\/AAAAAAAACRI\/0jhOY6UrmvwJ8WAQfVS0JMH1HOBoWvpqACLcBGAsYHQ\/s1600\/seed-win.PNG\" imageanchor=\"1\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" data-original-height=\"177\" data-original-width=\"664\" height=\"106\" src=\"https:\/\/1.bp.blogspot.com\/-xsAa0ktat4c\/XdRjsnm78aI\/AAAAAAAACRI\/0jhOY6UrmvwJ8WAQfVS0JMH1HOBoWvpqACLcBGAsYHQ\/s400\/seed-win.PNG\" width=\"400\"><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\">Figure 4 &#8211; Send to cc<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Note: this doesn\u2019t mean the official Windows binary was also compromised &#8211; it simply means there\u2019s also a compromised Windows binary out there. Only the Monero team can confirm if other binaries (besides the Linux one mentioned in this blog) have been compromised.<\/p>\n<p><strong><span>Detection<\/span><\/strong><\/p>\n<ul>\n<li>If you have a firewall or proxy, whether hardware or software, verify if you had any network traffic or connections to;<\/li>\n<li>\n<ul>\n<li>node.hashmonero[.]com<\/li>\n<li>node.xmrsupport[.]co<\/li>\n<li>45.9.148[.]65<\/li>\n<li>91.210.104[.]245<\/li>\n<\/ul>\n<\/li>\n<li>Remove all the binaries listed in this blog post;<\/li>\n<li>Verify the hashes of your Monero setup or installer file. Guides to do that here;<\/li>\n<li>\n<\/li>\n<\/ul>\n<div><strong>Note<\/strong>: What is a hash? A hash is a unique identifier. This can be for a file, a word, &#8230; It is preferred to use SHA256 hashes for file integration checks.<\/div>\n<div>You may also use the following Yara rule to detect the malicious or compromised binaries:<\/div>\n<div><strong><span>Recommendations<\/span><\/strong><\/div>\n<ul>\n<li>Install an antivirus, and if possible, use a firewall (free or paid is of less importance);<\/li>\n<li>If you already use an antivirus: it may be a good idea to not exclude a specific folder in your antivirus when using Monero (or other miners), and if needed, only do so <strong>after<\/strong>&nbsp;the hashes have been verified;<\/li>\n<li>Restore your seed or account;<\/li>\n<li>\n<\/li>\n<li>Monitor your account\/wallet for the next days and verify there have been no fraudulent transactions. Contact the Monero team for support.<\/li>\n<\/ul>\n<div>Note: Especially go through the steps if at any point you downloaded, used or installed new binaries between these dates:&nbsp;Monday 18th 1:30 AM UTC and 5:30 PM UTC. Download the latest version from:&nbsp;<a href=\"https:\/\/web.getmonero.org\/downloads\/\">https:\/\/web.getmonero.org\/downloads\/<\/a>.<\/p>\n<p><strong><span>Monero team statement<\/span><\/strong><\/p>\n<\/div>\n<div>The Monero team has issued a statement as follows:<\/p>\n<p>Warning: The binaries of the CLI wallet were compromised for a short time:<\/p>\n<\/div>\n<div><strong><span>Conclusion<\/span><\/strong><\/p>\n<p>Monero is not the first, nor will it likely be the last cryptocurrency (in this case, its website and binaries) that gets compromised.<\/p>\n<p>Follow the steps in this blog post to protect yourself and always watch your online accounts closely, especially those where you have financially invested in. Use strong passwords, use MFA (or 2FA) where possible and always be vigilant. Verify hashes when a new version is available.<\/p>\n<p>Note: this blog post is not intended to be a full analysis, but rather a quick report on the facts, including recommendations. Questions or feedback? Happy to hear it!<\/p>\n<p>Let me know in the comments below or on <a href=\"https:\/\/twitter.com\/bartblaze\/\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>.<\/p>\n<\/div>\n<div><strong>Indicators<\/strong><\/div>\n<table class=\"tableizer-table\">\n<thead>\n<tr class=\"tableizer-firstrow\">\n<th>Indicator type<\/th>\n<th>Indicator<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>FileHash-SHA256<\/td>\n<td>7ab9afbc5f9a1df687558d570192fbfe9e085712657d2cfa5524f2c8caccca31<\/td>\n<\/tr>\n<tr>\n<td>FileHash-SHA256<\/td>\n<td>963c1dfc86ff0e40cee176986ef9f2ce24fda53936c16f226c7387e1a3d67f74<\/td>\n<\/tr>\n<tr>\n<td>hostname<\/td>\n<td>www.hashmonero.com<\/td>\n<\/tr>\n<tr>\n<td>hostname<\/td>\n<td>node.xmrsupport.co<\/td>\n<\/tr>\n<tr>\n<td>hostname<\/td>\n<td>node.hashmonero.com<\/td>\n<\/tr>\n<tr>\n<td>FileHash-MD5<\/td>\n<td>d267be7efc3f2c4dde8e90b9b489ed2a<\/td>\n<\/tr>\n<tr>\n<td>FileHash-MD5<\/td>\n<td>72417ab40b8ed359a37b72ac8d399bd7<\/td>\n<\/tr>\n<tr>\n<td>FileHash-SHA1<\/td>\n<td>6bd94803b3487ae1997238614c6c81a0f18bcbb0<\/td>\n<\/tr>\n<tr>\n<td>FileHash-SHA1<\/td>\n<td>394bde8bb86d75eaeee69e00d96d8daf70df4b0a<\/td>\n<\/tr>\n<tr>\n<td>IPv4<\/td>\n<td>91.210.104.245<\/td>\n<\/tr>\n<tr>\n<td>IPv4<\/td>\n<td>45.9.148.65<\/td>\n<\/tr>\n<tr>\n<td>domain<\/td>\n<td>hashmonero.com<\/td>\n<\/tr>\n<tr>\n<td>domain<\/td>\n<td>xmrsupport.co<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>On AlienVault:<\/p>\n<p><a href=\"https:\/\/otx.alienvault.com\/pulse\/5dd4574fc7c82cddbdcb8d12\">https:\/\/otx.alienvault.com\/pulse\/5dd4574fc7c82cddbdcb8d12<\/a><\/p>\n<\/div>\n<\/div>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/30703\/Official-Monero-Website-Hacked-Delivers-Backdoored-Software.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":31932,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[7820],"class_list":["post-31931","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinecybercrimefraudcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Official Monero Website Hacked, Delivers Backdoored Software 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Official Monero Website Hacked, Delivers Backdoored Software 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-20T15:03:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/official-monero-website-hacked-delivers-backdoored-software.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"173\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Official Monero Website Hacked, Delivers Backdoored Software\",\"datePublished\":\"2019-11-20T15:03:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/\"},\"wordCount\":988,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/official-monero-website-hacked-delivers-backdoored-software.png\",\"keywords\":[\"headline,cybercrime,fraud,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/\",\"name\":\"Official Monero Website Hacked, Delivers Backdoored Software 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/official-monero-website-hacked-delivers-backdoored-software.png\",\"datePublished\":\"2019-11-20T15:03:12+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/official-monero-website-hacked-delivers-backdoored-software.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/official-monero-website-hacked-delivers-backdoored-software.png\",\"width\":400,\"height\":173},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/official-monero-website-hacked-delivers-backdoored-software\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,cybercrime,fraud,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinecybercrimefraudcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Official Monero Website Hacked, Delivers Backdoored Software\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Official Monero Website Hacked, Delivers Backdoored Software 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/","og_locale":"en_US","og_type":"article","og_title":"Official Monero Website Hacked, Delivers Backdoored Software 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-11-20T15:03:12+00:00","og_image":[{"width":400,"height":173,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/official-monero-website-hacked-delivers-backdoored-software.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Official Monero Website Hacked, Delivers Backdoored Software","datePublished":"2019-11-20T15:03:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/"},"wordCount":988,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/official-monero-website-hacked-delivers-backdoored-software.png","keywords":["headline,cybercrime,fraud,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/","url":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/","name":"Official Monero Website Hacked, Delivers Backdoored Software 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/official-monero-website-hacked-delivers-backdoored-software.png","datePublished":"2019-11-20T15:03:12+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/official-monero-website-hacked-delivers-backdoored-software.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/official-monero-website-hacked-delivers-backdoored-software.png","width":400,"height":173},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/official-monero-website-hacked-delivers-backdoored-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,cybercrime,fraud,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinecybercrimefraudcryptography\/"},{"@type":"ListItem","position":3,"name":"Official Monero Website Hacked, Delivers Backdoored Software"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/31931","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=31931"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/31931\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/31932"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=31931"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=31931"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=31931"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}