Electrum: "Security Update" phishing again

I just fell for it.... How the hell did that happen? Lost 5k....

Anything I can do about it?

3EvtTXAChbLj1doHCpQBeDpojAxnBGgGVV 1.3382386
063c972175e5daa1536fdc2318893048e8c122e5a0f202a065cbad8fcc0fbf39:0 1QGfmyFnAs5sCnqkba6srBLBJidBSnBcA7
2ee67363f44099696cb57164823fb7c219aff024b3461ea31e056c3fac142475:1 1Dvk8YHZbXja1f2T95x1z8tYHYsQb3wap3
38f2130f871cdeaf3d45419d2c8234c96153b79a31eafe7b83b691c5c9f2e681:0 1HAeRWmwo2A15Fwm7WHww3HRtKPnpGMU4j
4a5a6a2afbe69f9868c179e585d039042cef57b1d948dcde9712e6dcfe741619:0 1QFCyVrmiMniL482bikbMjzxjQMaYEui55
4c2b23f0d894207d0d692f58d2cc77d1aba0833c4e4dfe65eb7bc636d72417c3:0 12Gv2XgQzLXUhE16EAsywpytgEVSfr4Rjd
510590ee6d6437d49dd94db9a8755e41b6fadef0f4ee6773383c1dca855b4303:0 1Np8nRiUcJZAVppD2XryVSCqoUCG48hj9E
68719bdf3ccafc69df6870ddf0e8da4b696813431225bce7dfd2fd7166e80fbe:0 1JDxeSrTj1kr7fwJ12ZX87nEtnviBSvnQb
783d9965a4300398b848dd59cf1c21c736a93493a5fe657051778fdd5d5142e4:1 1Hkf2d82fRv8gdXiTRw7GALRLcubrN7MhC
79c6d58071ca69367566ff816d88c09f399c4f0fd004afbf90d0d872e701bfa3:0 1AvTkNJQiruUmX8yQjFMi8aUex1sbnBJ7t
8b851193595d58ce532a2254102eb85dd8e7838f1de1e30237f563f3f1a52caa:0 19nPfX7khA7NsF1PxpP2yYExTrKHPebhUk
a6a6cbca86af7282ece2f06395503b1667c380978c4a4ad17f3a72f60f3c3d7b:0 1LwVsaXa3dTwhQxbEemBuPW4Ti7o71g6i
ad4d573f0c5419eb91fc5e54f0aad3c4a183e0b7d611d63238030c3ec0eaf985:0 17MhgystxxgUnAAx7SuGnuzLf7USqKMU2q
af2e4290b3280a5910524a8f6057082aaaa24735825ce73366f023ea0adb64cd:0 13XZoSrnYKiPDxvHPXRa8yyGiiRSwqijDJ
b630e91faaef43234dfae53a43dbf8ff3842faaa55b13b8fa760d542650b21c4:0 1FryoMpTckjRur7ZNE2frpBy2AgcXH6tJ
bff9d7a918c143df77e3825f80bf93958e485ac088c569f6793a15da2ed05e8f:0 1Mox4srE6PV8eNKpKwipRXr2dkq2vuypfn
d81bdda6ce09b2d1398e8ed49650ac4adbe1765c3d6c4686fde9d555b2dcf6b7:0 1E2ZrT2T87rrQVEZfM18idGsuwUh68Gfg1
fb21c0ed5be884f0a6ee2a22a57da5f7ed1f30bae84932907f0422385a6b3c45:1 1DRWS2wkp7saXnWV2b25QYCGX3KFp5PLJn

3A5pP8dZeJowcHFwDVf1ahh76LneKRoSG7 0.29409678
4ad89ef6ecbba9c609a6d548005a99347df3bcd8e8fc42823b2720ed5f91ed3d:0 18Eti12XfsmrTCSHiZPHqgHsMLeYdJinw2
f0301cc8ab0f144c411f3dce21f92eab6fbf8d4897d9a1f05ad82aabea49e7fd:0 1JhRoqh1BAPtWJTmQ2fLEYFGt2pLu6YuZN

Yeah.....happened to me too bro. Nothing we can do...

What is crazy is ....the only reason I downloaded the "update" was because it wouldn't let me send any coin....every time I tried, it came up with that nonsense saying I had to update

Support can't help us dude...I wish they could, but they can't.

If there IS someway to recover, I'll gladly give $1000 bonus to anyone that helps me recover. But I doubt there is anything that can be done...

Donate?
Seriously?

Come on bro....I lost 7k too....while it sucks beyond words....don't go around asking for handouts

FUCKKKKKK im lose 42k https://imgur.com/a/vtFSx6G

To clarify what has happened to non-tech-savvy people.

Electrum is a "lite" Bitcoin wallet, which does not download full blockchain and keep it locally, but relies on a servers with full blockchain. Such servers may be set up and operated by anyone, including me and you, and they would be automatically used in Electrum.
When you send money, if the transaction can't be performed, server may respond with text error message with the reason of that.

During last month, some malicious servers appear, which do not accept money transactions and only return bogus error message. This error message states that your client is outdated and you should download a new, updated one. This "updated" client is not an official Electrum client but one provided by a hacker (by this server operator), designed to stole your money and probably to perform further malicious activity on your computer (e.g. stole your browser passwords and other private data). It's uploaded to the website unrelated to Electrum official website or github page, but it is designed to look very close to original one, to fool you to download the file and install it.
Unfortunately, you've installed such client, and now you lost your money. There's no way to return your money. Electrum developers have nothing to do with this malicious "updated" versions. Official Electrum page https://electrum.org/ have the following text on top:

Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.

Just to be clear, once again: you've installed a virus instead of original Electrum client, uninstall it or better, reinstall the whole operating system because nobody has investigated if the virus perform other actions other than money stealing. And you can't return your money since it Bitcoin, a system built without any party which should be trusted, like banks. You can only monitor further transactions from the address where your money go, and try to determine the person behind that.

This is not the place to beg. You are spamming the issues, and the mailboxes of everyone involved.

https://drive.google.com/open?id=1_Kp5F5eypIAKzkgTf8pnitwDdDxr8yds fake electrum-3.3.4.dmg for analysis.

@ValdikSS Anyone analyze this to see if there is other nasty stuff here? Do I need a system clean?

Perhaps old version users could be warned via rich text errors from white hat servers?

@Derek701 that is indeed taking place now

This is going to be an issue for months even years to come, as a bulk of people hold, and don't mess with their software much. Anything less than 3.3.3 is going to be vulnerable and it's well worth it for these guys to keep making servers to connect to and seeing those messages.

Hate to say it, but this has to make front page news in order to have any hope of getting solved. Losses need to be shown to a journalist and everyone in crypto needs to be made aware. In this case FUD is needed to cause action so people can update.

@anynamehere This attack was already covered by the media one month ago, and journalists tend to report only what is new, not the same thing over again. However, we are making some progress. We are now using legit servers to send vulnerable users a message that they need to upgrade, using the same vector as the attacker (in other words, we are performing a "white hat attack"). In addition, we are implementing server-side blacklisting, to reduce users exposure to malicious servers.

Hi guys,
I'm in version 3.3.3 and using json-rpc. This is shown in the log today:

aiorpcx.jsonrpc.RPCError: (1, '<b>Transaction error.</b><h1 style="white-space:nowrap">Security Update (v3.3.3)</h1><p>Official Website: <a style="text-decoration: none;" target="_blank" href="https://www.electrumapps.com/#download">https://www.electrumapps.com</a></p><p>This important security update provides a fix for transaction deserialization vulnerability and is mandatory for all users.</p><p>Transactions can only be sent after applying this update. You can visit the website above to download the new version of Electrum.</p><p>We sincerely apologize for any inconvenience this has caused you.</p><p>Electrum Technologies GmbH</p>') 

And the above error caused the following exception: electrum.network.TxBroadcastServerReturnedError: Transaction uses non-standard version.

@aghamir Connect to a different server.
Looks like the "version" filter keyword is too broad, and the client incorrectly identifies the phishing message as non-standard tx version.