Some months ago it was reported in reddit a post about malicious servers on the Electrum network performing phishing attacks against the users of the Electrum wallet (a bitcoin client). It was confirmed by Electrum in this github issue. These fantastic posts in blog.coinbase.com and malwarebytes explained really well how the phishing attack was performed.
Recently I have found some malicious ElectrumX nodes in the Electrum network that are still being connected by the Electrum software. In this post I share some information about these nodes and the ElectrumX patched code that they execute.