This is the message on their web page.
Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.
So again, what happened was i received a popup window that it is mandortory to install the latest update due to the hack. I pressed install update link on their page. and after 30 sconds eletrum shut down. and wouldnt open again. i tried to reinstall it and wont work.
now.. i went to my phone. installed it just now on android. restored my seed. and my bitcoins are still there... yet i installed the update just now? gonna send my bitcoins out to another wallet to be safe.
im just worried my pc now has a key logger? or maybe i am ok. because my coins are still there.
You said “Electrum auto-updated”, so what does that mean?
Are you saying that you went to Electrum.org, downloaded the new update and installed it? If that’s the case, then it’s ok.
Where exactly did you press this “install update link”? AFAIK, there is no such option in Electrum.org?
a pop up window and i cant remember what it said. but it said "due to a major malice in versions of eletrum older than 3.3 we are forcing users to install the latest update to send coins out. Press here to update now " And I pressed the link. and then 6 bars loaded as if the updates were being installed and then it crashed.
it never opened up a new internet explorer page that i downloaded. i pressed the "update now" button and it started updating , then after 30 seconds it crashed or shut down... and i couldnt open it again.
but all my coins are still here...
i just sent it to my local bitcoins wallet.. im afraid to login to binance in case i am key logged. but my binance will be good because i need to confirm any coins being sent out in my wallet from my email. and i havent signed into my email since this happened. so hackers can suck my giant dick. for now i am on stand by.
You shouldn't panic. Did you not write the seed words in a physical piece of paper by hand? This is the only thing that matters. You can delete your computer, install fresh, and use the seed words to get back to your wallet.
Practice this with a linux live iso, boot a
linux live iso, install electrum and use the seed words and there is your wallet and funds.
If you are paranoid consider installing that Linux in your computer. And use a password manager with a very good password. Never re-use the same password anywhere, the manager can generate random passwords for each site and keep them safe, so you might as well change all your passwords from that secured linux machine.
Why are windows users so prone to click to random spam? Even if it "comes from Electrum", spam is spam. No you don't need reminders to scare you, (twice) sigh.
Electrum is not
vulnerable, a true vulnerability would install malware without your interaction. This fake message is meaningless if you don't pay attention to it, close the window and change the server. Unfortunately you fell for it and clicked... Why? Do you click suspicious links from email too?
Well it doesn't matter, switch to Linux today, and hopefully you'll learn better habits from now on.
5 Reasons You Should Switch From Windows To Linux Right Now