Electrum wallet being attacked

[Jeff.Bezos]

I get this notice from my malware bytes every time when open the software.
Is it the server I connect to? I actually have no Idea because I just downloaded the last version from electrum.org installed and right after click on the file I got this notice so I am not so sure if it's the server that I connect to, or the file itself being infected?
Screenshot:
https://i.imgur.com/uBxD6Qx.png

[1714031292]

1714031292

[1714031292]

1714031292

[1714031292]

1714031292

[AB de Royse777]

I get this notice from my malware bytes every time when open the software.
Is it the server I connect to? I actually have no Idea because I just downloaded the last version from electrum.org installed and right after click on the file I got this notice so I am not so sure if it's the server that I connect to, or the file itself being infected?
Screenshot:

Quoting for image visibilities.

I am not sure about this

Code:

electrumx.strangled.net

Have you downloaded the wallet from https://electrum.org/#download site?

There are few things you need to ensure:
1. Check if you have downloaded the wallet from the official site: https://electrum.org/#download
2. Select the right OS for you. In my case windows installer http://prntscr.com/mp1v12
3. Check the signature (This is very important before installing the application).

Most of the time people avoid number three but this is really important. If you do not how to do it then use this tutorial: https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/

I found this was very helpful for me.

Cheers :-)

[Jeff.Bezos]

Thank you for the quick reply!
Actually yes, I downloaded from electrum.org and I double checked to make sure it's not a nulled version.
What do you mean checking the signature?

[Lucius]

Jeff.Bezos, first move your thread to here : https://bitcointalk.org/index.php?board=98.0 (look for move button).

I also use Malwarebytes Premium, but so far I have not had such problems with any Electrum server. It is possible that someone has reported that server to MB, and now it is on their list of riskware sites/programs.

You should just change server manually and see what will happen then. I post how to do it here.

Regarding signature verify, it is something you should done before you install Electrum. In this way you can verify that downloaded files are genuine,and not fake. Read about that here.

[Pmalek]

I checked the electrumx.strangled.net site on VirusTotal and it seems to be clean. I haven't tried opening it though since I am not sure what it is. I assume it is one of the servers used by Electrum.
https://www.virustotal.com/#/url/b56f6bd2a4319ed112d943fdf1a2d8a64d0a17188206939846a66ada99c61f4f/detection

[nc50lc]

Actually yes, I downloaded from electrum.org and I double checked to make sure it's not a nulled version.

But that's a weird default installation directory for Windows installer version: C:/Program Files (x86)/ElectrummS3/electrum-e.3.3.4.exe
Electrum will never use that directory nor folder name unless you named it like that.

Have you checked your browser's or internet options' proxy settings? Because some malware are able to set it (even with AV) to redirect your browser to malicious sites like fake electrum sites.
I suggest to stop using it for now until you verified the signature.

[AB de Royse777]

What do you mean checking the signature?

A signature gives you options to verify the file you downloaded. Anyone can create a fake Electrum software and push a virus in there and you will end up losing your BTC if he wants. So verification of authenticity is very important.

You already have the process here by another user:

Regarding signature verify, it is something you should done before you install Electrum. In this way you can verify that downloaded files are genuine,and not fake. Read about that here.

But the detailed will be in the link I have given on my earlier post.

[Jeff.Bezos]

No need to check the signature since I already downloaded from the original website. Electrum.org and I double verified before I downloaded. Also, I changed the name of the setup. thing is really weird because I am not connecting to this server at all. I get this msg even when I am into a different server.

[Rath_]

No need to check the signature since I already downloaded from the original website.

There is always a slight chance that the file might have been temporarily replaced by an attacker with a malicious one. Verifying signature takes less than a minute and it can save you a lot of problems.

[joniboini]

No need to check the signature since I already downloaded from the original website. Electrum.org and I double verified before I downloaded. Also, I changed the name of the setup. thing is really weird because I am not connecting to this server at all. I get this msg even when I am into a different server.

What kind of verification that you did? Checking the site name twice?
Remember that it is also possible that your DNS was hijacked, so you've download a malicious app. I'd rather verify it just to be safe.

[Myrnyi]

No need to check the signature since I already downloaded from the original website. Electrum.org and I double verified before I downloaded. Also, I changed the name of the setup. thing is really weird because I am not connecting to this server at all. I get this msg even when I am into a different server.

What kind of verification that you did? Checking the site name twice?
Remember that it is also possible that your DNS was hijacked, so you've download a malicious app. I'd rather verify it just to be safe.

Excuse me... So even you cannot be sure in security! For example, before installing electrum you need to install a correct OS. How can you be sure your OS is real! Maybe  you downloaded your OS ( for example, ubuntu) not from real ubuntu.com, but someone hijacked your DNS...

[pooya87]

No need to check the signature since I already downloaded from the original website. Electrum.org and I double verified before I downloaded. Also, I changed the name of the setup. thing is really weird because I am not connecting to this server at all. I get this msg even when I am into a different server.

What kind of verification that you did? Checking the site name twice?
Remember that it is also possible that your DNS was hijacked, so you've download a malicious app. I'd rather verify it just to be safe.

Excuse me... So even you cannot be sure in security! For example, before installing electrum you need to install a correct OS. How can you be sure your OS is real! Maybe  you downloaded your OS ( for example, ubuntu) not from real ubuntu.com, but someone hijacked your DNS...

that is why the concept of checking the authenticity of a downloaded file was invented. which means you download anything from the internet and then check its authenticity with a key that you trust. under the hood the (asymmetric) cryptography that is used gives an easy way of verifying that with virtually zero chance of fault.

the most common case is usage of PGP signatures. which means when you download Ububtu for example you verify the ISO file signature against the public key using the cryptographic scheme that was used and if you  get a "thumbs up" you can be sure it was the real OS.

so now it doesn't matter where you download the file from, you don't even have to go to ubuntu.com, you can go to anywhereelseevenafakesite.com and download the ISO and as long as you verify its signature with the real public key and get the valid signature you will be good to go.

[Myrnyi]

No need to check the signature since I already downloaded from the original website. Electrum.org and I double verified before I downloaded. Also, I changed the name of the setup. thing is really weird because I am not connecting to this server at all. I get this msg even when I am into a different server.

What kind of verification that you did? Checking the site name twice?
Remember that it is also possible that your DNS was hijacked, so you've download a malicious app. I'd rather verify it just to be safe.

Excuse me... So even you cannot be sure in security! For example, before installing electrum you need to install a correct OS. How can you be sure your OS is real! Maybe  you downloaded your OS ( for example, ubuntu) not from real ubuntu.com, but someone hijacked your DNS...

that is why the concept of checking the authenticity of a downloaded file was invented. which means you download anything from the internet and then check its authenticity with a key that you trust. under the hood the (asymmetric) cryptography that is used gives an easy way of verifying that with virtually zero chance of fault.

the most common case is usage of PGP signatures. which means when you download Ububtu for example you verify the ISO file signature against the public key using the cryptographic scheme that was used and if you  get a "thumbs up" you can be sure it was the real OS.

so now it doesn't matter where you download the file from, you don't even have to go to ubuntu.com, you can go to anywhereelseevenafakesite.com and download the ISO and as long as you verify its signature with the real public key and get the valid signature you will be good to go.

For example, ubuntu iso hasn't any signiture, only checksum...

[pooya87]

~
For example, ubuntu iso hasn't any signiture, only checksum...

it does have PGP signatures! but since ISO is big (Ubuntu 18.04 is nearly 2 GB) they use SHA hashes and then sign the hashes with their PGP private key and release the signature of that file instead.
so what you do is that you first check the signature of the hashes to see if you have the correct hash list file and then hash the file itself to see the file is correct.

in other words it is a combination of authenticity and integrity with 2 steps.

[Myrnyi]

~
For example, ubuntu iso hasn't any signiture, only checksum...

it does have PGP signatures! but since ISO is big (Ubuntu 18.04 is nearly 2 GB) they use SHA hashes and then sign the hashes with their PGP private key and release the signature of that file instead.
so what you do is that you first check the signature of the hashes to see if you have the correct hash list file and then hash the file itself to see the file is correct.

in other words it is a combination of authenticity and integrity with 2 steps.

For this you need to know fingerprint of signature. For example, I exactly know fingerprint for electrum files, because I watched a video with this fingerprint and Thomas V standing beside.

[Myrnyi]

Moreover, you cannot verify google chrome file with signature, you cannot verify avast antivirus exe file with signiture, and most of known apps haven't got any signatures to verify them! And if they do have got such  signatures, you cannot trust them without checking reality of their fingerprints. But how can you  do it? You need to be sure that fingerprints are real!

[Myrnyi]

it does have PGP signatures! but since ISO is big (Ubuntu 18.04 is nearly 2 GB) they use SHA hashes and then sign the hashes with their PGP private key and release the signature of that file instead.
so what you do is that you first check the signature of the hashes to see if you have the correct hash list file and then hash the file itself to see the file is correct.

in other words it is a combination of authenticity and integrity with 2 steps.

For this you need to know fingerprint of signature. For example, I exactly know fingerprint for electrum files, because I watched a video with this fingerprint and Thomas V standing beside.

To be fair, why do you trust the video you've seen? There's probability the video is edited.

The reality 100% trustless environment is impossible and you're forced to trust someone at some point.

You are right! And you need to trust Thomas V! He is only a human and can change his mind...

[Rath_]

You are right! And you need to trust Thomas V! He is only a human and can change his mind...

If you are this much paranoid then you can compile Electrum on your own since it's open-source. I'm quite sure that other developers of Electrum sign the executable file with their own private key, but I can't find any example right now. Oh wait, Microsoft has acquired GitHub so by that line of thought, you have to trust them as well.

[pooya87]

~
For example, ubuntu iso hasn't any signiture, only checksum...

it does have PGP signatures! but since ISO is big (Ubuntu 18.04 is nearly 2 GB) they use SHA hashes and then sign the hashes with their PGP private key and release the signature of that file instead.
so what you do is that you first check the signature of the hashes to see if you have the correct hash list file and then hash the file itself to see the file is correct.

in other words it is a combination of authenticity and integrity with 2 steps.

For this you need to know fingerprint of signature. For example, I exactly know fingerprint for electrum files, because I watched a video with this fingerprint and Thomas V standing beside.

have you even checked Ubuntu before making these comments? you already have all that. https://help.ubuntu.com/community/VerifyIsoHowto and their signatures have been in work since 2004 (15 years)

Moreover, you cannot verify google chrome file with signature, you cannot verify avast antivirus exe file with signiture, and most of known apps haven't got any signatures to verify them! And if they do have got such  signatures, you cannot trust them without checking reality of their fingerprints. But how can you  do it? You need to be sure that fingerprints are real!

they also have signatures but in a different more automatic way that is specific to Windows and is more like a certificate and it requires payment. and instead of using PGP it uses RSA which is another asymmetric  cryptography scheme.
any other "most known app" that doesn't have that signature may not need it. for example you don't need to verify the signature of Adobe Photoshop because it is not security sensitive!

of course if you want to be paranoid, there is no end to how much your paranoia is going to go, as it was mentioned your only remaining option would be to only use open source softwares and compiling all of them from source on your own.