WARNING: A fake electrum website with malware is advertising on duckduckgo and yahoo.


If you perform a search for electrum on duckduckgo or yahoo, an ad claiming to be electrum.org will be at the top.

In reality the ad links to:
electrum-bitcoin org

The domain was created December 21.

This site is nearly identical to electrum.org except the download links give different files. All three of the files that can be download are much smaller than the real electrum and are most likely malware.
The three files are:
electrum.exe – 91136 bytes
electrum.out – 60316 bytes
electrum.zip – 32478 bytes

When installing software, especially something as import as wallet software, it is a good idea to verify the integrity of the download with a signature using a key that was obtained from one or more seperate sources.

I made a list of the keys used to sign popular bitcoin wallets below to act as another source to verify the integrity of those keys.

Bitcoin-Qt:
Signer: Gavin Andresen gavinandresen@gmail.com
Fingerprint: 01CD F462 7A3B 88AA E4A5 71C8 7588 242F BE38 D3A8
Key ID: BE38D3A8
Key Link: bitcoin.org/gavinandresen.asc

Electrum:
Signer: ThomasV thomasv1@gmx.de
Fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
Key ID: 7F9470E6
Keyserver: pool.sks-keyservers.net

Multibit:
Signer: Jim Burton (multibit.org developer) jim618@fastmail.co.uk
Fingerprint: 299C 423C 672F 47F4 756A 6BA4 C197 2AED 79F7 C572
Key ID: 79F7C572
Keyserver: pgp.mit.edu

Armory:
Signer: Alan C. Reiner (Offline Signing Key) alan@bitcoinarmory.com
Fingerprint: 821F 1229 36BD D565 366A C36A 4AB1 6AEA 9883 2223
Key ID: 98832223
Keyserver: pgp.mit.edu

The signatures provided for some of the wallets are signatures of the hash values, so be sure to verify that the hash of the downloaded file matches the hash that was signed.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s