Electrum wallet virus

[digaran]

Warning, read the news header in here, do not use Electrum 3.0.3 because it is compromised, update your Electrum clients immediately.

[pooya87]

Warning, read the news header in here, do not use Electrum 3.0.3 because it is compromised, update your Electrum clients immediately.[/color][/size]

stop being dramatic, Electrum is not compromised and it certainly has NOTHING to do with this topic.

what happened is that any version below 3.0.3 has a vulnerability that may be compromised if
- you have Electrum open
- you haven't set a password
- at the same time you visit a website that is looking for this exploit and runs a script using the RPC commands to steal your private keys

[TeePee]

Quick question guys:

I'm not very good with computers and I therefore have troubles understanding how to verify a signature. I read everywhere that you need to do this when downloading Electrum 3.0.4
Would it be incredibly dangerous to therefore skip that step, as long as I make sure I only download Electrum from the official website https://electrum.org/#download ?
After all, the version on there has to be the original, real one for sure? Any yes, some people will now probably answer that you can never be sure, but as long as I can be 99,9999999% sure then it's fine for me.

[ranochigo]

Would it be incredibly dangerous to therefore skip that step, as long as I make sure I only download Electrum from the official website https://electrum.org/#download ?

Generally speaking, no. Its relatively hard to replace the information on that site. However, it is by no means, impossible if you have a zero day exploit or is a huge organisation with vast resources (ie. Governments).

After all, the version on there has to be the original, real one for sure? Any yes, some people will now probably answer that you can never be sure, but as long as I can be 99,9999999% sure then it's fine for me.

No. There's no such thing as real or fake. If you were to download from there and verify the signature, it would be just like saying you trust ThomasV and he is correct.

If you need to verify: https://bitcointalk.org/index.php?topic=2489301.msg25624488#msg25624488.

[AlexBeast]

Hey guys, I know It's an old thread, but my antivirus
finds new infected files every 5 minutes

always in the same directory.. I can't do a system restore because it's windows 8.1 recovery error 0x80070005

And every single infected file ends with .pyc
e.g.: bitcoin.pyc

.pyc are compiled python files (modules loaded in scripts).
Did you already try to do a full scan of your pc with your AV?

How is this problem related to electrum? Did this problem start occuring after you installed electrum?
If so, did you check the signature or at least the checksum?

You can find the signature for the current windows installer [1] and the standalone executable [2] on their official site, just like the ThomasV's PGP key [3].
You can verify your files (if you have gpg installed) with gpg --verify electrum-3.0.3.exe.asc electrum-3.0.3.exe in your command line.

[1] .asc
[2] .asc
[3] https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6

Yeah, It happend immediately after installing Electrum and GPG thing, I don't know which one is the culprit. I managed to restore my system..
But I'm still using Electrum 2.xx.
I'm afraid of using the gpg verifier because It might happen again. So I'll backup my system and try Electrum 3.0.3.

[thenarog]

Very strange Electrum 3.04 seems a phising link for me...They say to update but i can't read nothing on electrum official website.

[keyboard warrior]

Very strange Electrum 3.04 seems a phising link for me...They say to update but i can't read nothing on electrum official website.

This warning is written at the top of the electrum website home page. I don't know how you missed it.

https://electrum.org/#home

Security Notice: A vulnerability has been found in Electrum, and patched in version 3.0.5. Please update your software if you are running an earlier version

The release notes on the electrum github explain that version 3.0.4 didn't completely fix the vulnerability, so version 3.0.5 was quickly released a day later.

https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

# Release 3.0.5 : (Security update)

This is a follow-up to the 3.0.4 release, which did not completely fix
issue #3374. Users should upgrade to 3.0.5.

 * The JSONRPC interface is password protected
 * JSONRPC commands are disabled if the GUI is running, except 'ping',
   which is used to determine if a GUI is already running

[HCP]

Somewhat confusingly... the links on the "download" page still link to version v3.0.3 downloads!!?!

For the record, the v3.0.5 downloads are here: https://download.electrum.org/3.0.5/

Seems, like my chrome is "broken", or my ISP is caching stuff again to be "helpful"... *sigh*...

[ranochigo]

Somewhat confusingly... the links on the "download" page still link to version v3.0.3 downloads!!?!

For the record, the v3.0.5 downloads are here: https://download.electrum.org/3.0.5/

Huh? It has been showing 3.0.5 for me for a long time. Try clearing your cache.

[bob123]

Very strange Electrum 3.04 seems a phising link for me...They say to update but i can't read nothing on electrum official website.

For the record, the v3.0.5 downloads are here: https://download.electrum.org/3.0.5/

Huh? It has been showing 3.0.5 for me for a long time. Try clearing your cache.

Version 3.0.5 got released about 13 hours ago, as a follow up to 3.0.4 (which mostly shut down the vulnerability) [1].
No way you got 3.0.5 for a long time now. You might verify the signature of your current version to exclude the possibility of a malicious application.

[1] Release notes: https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

[Darooghe]

Very strange Electrum 3.04 seems a phising link for me...They say to update but i can't read nothing on electrum official website.

This warning is written at the top of the electrum website home page. I don't know how you missed it.

https://electrum.org/#home

I don't see it either. could you give us a screenshot?
Maybe electrum.org is hacked.

[Darooghe]

I did verifying signature's process with GPG Kleopatra. electrum 3.0.5 verified but says the data could not be verified. Is there any problem with Electrum 3.0.5?

[keyboard warrior]

Very strange Electrum 3.04 seems a phising link for me...They say to update but i can't read nothing on electrum official website.

This warning is written at the top of the electrum website home page. I don't know how you missed it.

https://electrum.org/#home

I don't see it either. could you give us a screenshot?
Maybe electrum.org is hacked.

[HCP]

I did verifying signature's process with GPG Kleopatra. electrum 3.0.5 verified but says the data could not be verified. Is there any problem with Electrum 3.0.5?

No... it is just the way that GPG works... you can import keys, but not TRUST them... until you explicitiy trust the key you will see something like:



NOTE: THIS IS A GOOD SIGNATURE! The signature checks out, and the file is signed with the signature... YOU just haven't trusted it yet.


If you "trust" ThomasV... then you can sign the key, saying that you vouch for Thomas and he is legit and all things signed with his key are legit... then you will see something like this:




The important thing is that you DON'T see a red warning like this:


If you see "Invalid Signature" then that is BAD!

[thenarog]

I gat the new version of Electrum... Now impossible to open my wallet with the right password...
And when i try to recover it wth the seed words, it doesn't works...

Great job, what i have to do now ?

[HCP]

I gat the new version of Electrum... Now impossible to open my wallet with the right password...

Then the password you are typing in is incorrect. When was the last time you used the password you are trying to open the wallet? Was it months ago? or was it yesterday?

And when i try to recover it wth the seed words, it doesn't works...

How exactly are the seed words "doesn't works"? Is it giving an error? Is the "next" button not available... is it just showing a 0 balance? do you see any transaction history?

What sort of wallet was it? Standard? MultiSig? 2FA?

What wallet version did you upgrade from? What version have you just installed?

Can you confirm you downloaded the file from: https://electrum.org/#download and did you check the digital signature?

[thenarog]

I gat the new version of Electrum... Now impossible to open my wallet with the right password...

Then the password you are typing in is incorrect. When was the last time you used the password you are trying to open the wallet? Was it months ago? or was it yesterday?

And when i try to recover it wth the seed words, it doesn't works...

How exactly are the seed words "doesn't works"? Is it giving an error? Is the "next" button not available... is it just showing a 0 balance? do you see any transaction history?

What sort of wallet was it? Standard? MultiSig? 2FA?

What wallet version did you upgrade from? What version have you just installed?

Can you confirm you downloaded the file from: https://electrum.org/#download and did you check the digital signature?

1 / Last time was the 8 th january.
2 / I have the seed words. When i put them, i have my wallet back, but no money on it, no transactions, no history, nothing...
3 / Standard Wallet
4 / 2.8 to 3.04 first and 24 hours later 3.05 all from the Electrum official Website. I did all the verification, i was very suspicious about the new version...

Something wrong with Electrum and this story...Be very careful and thanks for any help.

[baundul]

There are no viruses in Electrum that remove the installed applications of antivirus. I used the official update of Electrum for but I have no problem. I think your downloaded software is infected or you download unknown wallet. So download the official wallet and used Electrum , do not worry.

[thenarog]

There are no viruses in Electrum that remove the installed applications of antivirus. I used the official update of Electrum for but I have no problem. I think your downloaded software is infected or you download unknown wallet. So download the official wallet and used Electrum , do not worry.

I used the same official electrum, i check it. I have a big problem with it.

[HCP]

1 / Last time was the 8 th january.
2 / I have the seed words. When i put them, i have my wallet back, but no money on it, no transactions, no history, nothing...
3 / Standard Wallet
4 / 2.8 to 3.04 first and 24 hours later 3.05 all from the Electrum official Website. I did all the verification, i was very suspicious about the new version...

If you look in the wallets folder (http://docs.electrum.org/en/latest/faq.html#where-is-my-wallet-file-located), are there other wallet files there? It's possible that you were not using the "default_wallet" with the earlier version of Electrum, and when you updated to the newer version, on first start, it defaulted back to "default_wallet", hence why your password is not working.

As for the seed restoring an empty wallet, have you ever used your seed words to restore your wallet before? It would seem you have a "valid" seed, but not the seed for your wallet I've seen several users over the last few months who have written down a valid seed but have some how ended up using a different wallet... So, when they try and restore from seed, they get an empty wallet.