An ongoing phishing attack has been reported against users of popular bitcoin wallet, Electrum. This has been confirmed in a tweet by the Electrum group where they remind users to be vigilant and not download wallets from unofficial sources.
Malicious servers have been deployed that broadcast a crafted error message when it receives a BTC transaction. These messages claim a security update is needed and attempt to get the user to download and install malware subsequently having their accounts compromised and BTC stolen.
The error message allows for crafted rich text which enabling the use of hyperlinks and other rich media.
It appears the attacker is using the following BTC wallet addresses to move and consolidate funds.
According to the Electrum team there has been a minor fix applied in version 3.3.2 which changes the rich text to plain text. not completely mitigating the attack, but it will make it easier to spot a bad actor.
As always whenever downloading software make sure you’re downloading it from the official website.