The developers of PyBitmessage, the official client of the Bitmessage messaging service, have warned of a critical "remotely executable" zero-day vulnerability in the application that was being heavily exploited on the network.

Bitmessage is a peer-to-peer (P2P) communication protocol used to send encrypted messages between users. Because its communications are decentralized and trustless, it does not rely on central entities such as root certificate authorities.
It is believed that attackers exploiting this vulnerability to gain remote access were primarily seeking the private keys of Electrum Bitcoin wallets stored on the compromised device, with which they could steal bitcoins.
The developers of Bitmessage have fixed the vulnerability with the release of the new version of PyBitmessage 0.6.3.2.
Therefore, if you are running an affected version of PyBitmessage, we recommend that you update your software to version 0.6.3.2.
Since the vulnerability affects PyBitmessage version 0.6.2 and not PyBitmessage 0.6.1, you may also consider downgrading your application to mitigate potential zero-day attacks.
Although the developers did not reveal further details about the critical vulnerability, users are advised to change all their passwords and create new Bitmessage keys if they have any suspicion that their computers have been compromised.
