Bitcoin Gold issued a critical alert and expanded the recall window for the Windows Wallet installer after a link on its Download page and the file downloads on its GitHub release page were found to be serving two suspicious files of unknown origin.
Users should presume the files were created with the malicious intent of stealing cryptocurrencies and/or user information, even though the files don't trigger antivirus or anti-malware software, according to a 26 November advisory.
“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step,” the advisory said. “Anyone who downloaded the Windows Wallet file between 21 November 2017, 09:39 UTC, and 25 November 2017, 22:30 UTC, should not use the file in any way.”
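The check the advisory describes, as an added example that is not part of the article or of Bitcoin Gold's advisory: it hashes a downloaded installer, compares it with the published SHA-256 value, and flags downloads that fall inside the stated recall window. The function names, the use of file modification time as a stand-in for download time, and the "REVIEW" verdict are assumptions of this sketch; the published checksum has to be supplied by the user from the official Download page.

```python
import hashlib
import os
from datetime import datetime, timezone

# Recall window stated in the advisory (UTC).
RECALL_START = datetime(2017, 11, 21, 9, 39, tzinfo=timezone.utc)
RECALL_END = datetime(2017, 11, 25, 22, 30, tzinfo=timezone.utc)


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def in_recall_window(downloaded_at):
    """True if a timezone-aware download time falls inside the recall window."""
    return RECALL_START <= downloaded_at.astimezone(timezone.utc) <= RECALL_END


def assess_installer(path, published_sha256, downloaded_at=None):
    """Return (verdict, actual_hash). A checksum mismatch always takes priority."""
    if downloaded_at is None:
        # Assumption: mtime approximates download time; some tools reset it.
        downloaded_at = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
    actual = sha256_file(path)
    expected = published_sha256.strip().lower()  # tolerate case and whitespace
    if actual != expected:
        return "REJECT: checksum mismatch, do not run the file", actual
    if in_recall_window(downloaded_at):
        # Conservative choice of this sketch: re-check the reference value too.
        return "REVIEW: checksum matches but download is inside recall window", actual
    return "OK: checksum matches published value", actual


if __name__ == "__main__":
    import sys
    # Usage: python check_installer.py <installer path> <published sha256>
    verdict, actual = assess_installer(sys.argv[1], sys.argv[2])
    print(verdict)
    print("sha256:", actual)
```

A mismatch is reported regardless of the download time, since the window only describes when the substituted files are known to have been served.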
Researchers recommend that users who have tried to access the suspicious files take the safest course of action to ensure their devices haven't been infected, and enlist the help of security professionals if necessary. The company has since secured its GitHub repository and doesn't believe a second compromise attempt is possible.
Javvad Malik, security advocate at AlienVault, praised Bitcoin Gold for its prompt response. “Credit to Bitcoin Gold for detecting the malicious file within 36 hours – compared to many recent breaches, that is comparatively fast,” Malik said. “Highlighting how damage from an incident can be stemmed with rapid threat detection.”
He said criminals continue to follow the money, and as cryptocurrencies gain popularity and value, we will likely see more attacks against them.