Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: A new malware designed to beat 2-fa authentication - page 2. (Read 355 times)

Pab
legendary
Activity: 1862
Merit: 1012
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 09:49:46 AM
#15
Quote from: ranman09 on February 01, 2019, 12:38:03 AM
Quote from: pooya87 on February 01, 2019, 12:26:36 AM
that is why "encryption" exists!
you encrypt everything with a password and nobody is going to be able to have access to your data that easily. for example in this case you can encrypt your stored passwords in your browser with a master password that they allow you to set. that way the passwords are stored on your disk encrypted. for example using Firefox you can go to your setting and type in "master password" in the settings search bar and check its box and set a strong encryption password:
Code:
about:preferences#searchResults

Interesting I didn't know firefox can do this. Do we have the same option for google chrome?

That is nice thanks for sharing
It can be very good to use it
I have been reading that together with new IT technology we will also have new much improved hacking methods unfortunately it is going together
So good move is to use encryption for protection
Personally i don't like to  use any extension in my browser
I can recommend you to try Proton VPN i use his VPN long time and i am very happy also because i have better internet with his vpn
You can even pay with btc for upgrading version only 46 euro a year
bitfocus
member
Activity: 532
Merit: 15
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 08:29:32 AM
#14
such development is super alarming! most of the users trust 2FA - now those days are gone!
kelz1
copper member
Activity: 140
Merit: 3
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 04:37:02 AM
#13
This development is very alarming, exchanges should start to offer 3 factor authentication. Those who trade big might have several bitcoins left on the exchanges to day trade.
romero121
legendary
Activity: 3164
Merit: 1213
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 04:29:10 AM
#12
When you find something alarming it's our responsibility to make ourself active in the process of securing our funds. In the past I've lost more than 0.5btc due to the security breach, as I haven't enabled 2FA. Once after enabling I never found anything go wrong. Now the news to defeat 2FA shows the increased hackers into the cryptocurrency network. Right now it seems hardware wallet is the best in the market for Cryptocurrency holdings.
kkgfhj123
jr. member
Activity: 56
Merit: 4
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 04:26:54 AM
#11
One are the other way we all are dependent on third party like crome or safari... I thinking data being leaked from chrome and safari is the trust issue... This a horrible new Undecided

Hardware wallets are the only option to secure your funds
shirackjs
sr. member
Activity: 812
Merit: 256
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 04:21:53 AM
#10
This is alarming, 2FA is the additional step to secure our accounts in exchanges and online wallets. Now, it can be comprised which mean hackers are able to access our accounts easily.   Cry
qiman
hero member
Activity: 1036
Merit: 504
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 03:06:42 AM
#9
This is so unfortunate that the bad apples are working so hard to undermine mass adoption and make it very difficult for the average Joe Bloggs to enter crypto. Instead of being useful and becoming advocates for change and helping people join this big technical revolution, they prefer to work hard just for quick gain and out of malice to make sure less and less people want to join this niche market. Many newbies are frightened off because of this attitude from rogue entities and it scares them entering this space. I do hope that cyber police become more and more vigilant in catching these nasty people who are trying to undermine crypto and the blockchain for normal users and investors.
aoluain
legendary
Activity: 2282
Merit: 1268
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 02:55:45 AM
#8
Quote from: figmentofmyass on February 01, 2019, 02:33:30 AM
Quote from: kenzawak on January 31, 2019, 05:57:16 PM
Google Chrome and Apple Safari cookies are stolen.
Saved usernames and credit card information from Chrome are stolen.
Text messages backed up to Mac are stolen from victims’ iPhone.
Browser cookies are stolen to defeat login anomaly detection.
...
With this combination of login credentials and cookies, attackers can often bypass the two-factor authentication process protecting accounts.

sorry if this is a dumb question, but how exactly does this compromise 2FA?

all of the compromised data is browser-based (something you know, not something you have), with the exception of "stolen text messages". but old text messages shouldn't overcome SMS 2-factor authentication because those one-time codes are only good for a very limited time. and if you use TOTP-based 2FA, you should be completely safe.

can somebody walk me through this?

Good question and very relevant,, there must be something else to it.

Personally I have never used Chrome and I didnt fall for the "convenience"
of using it at the expense of compromising privacy.

Chrome allows third-party websites to access your IP address and any
information that site has tracked using cookies. If you care about privacy
at all, you should ditch the browser that supports a company using data
to sell advertisements and enabling other companies to track your online
movements

I have always used Firefox in private mode, I dont allow Firefox to store
my browsing history. This is something the Mozilla foundatuon have
always based the operations on.

We do not collect personally identifiable data, not what you do or what
websites you go to

https://www.fastcompany.com/90174010/bye-chrome-why-im-switching-to-firefox-and-you-should-too

I wonder why it is targeted solely to apple users, android users could surly
be targeted too?
figmentofmyass
legendary
Activity: 1652
Merit: 1483
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 02:33:30 AM
#7
Quote from: kenzawak on January 31, 2019, 05:57:16 PM
Google Chrome and Apple Safari cookies are stolen.
Saved usernames and credit card information from Chrome are stolen.
Text messages backed up to Mac are stolen from victims’ iPhone.
Browser cookies are stolen to defeat login anomaly detection.
...
With this combination of login credentials and cookies, attackers can often bypass the two-factor authentication process protecting accounts.

sorry if this is a dumb question, but how exactly does this compromise 2FA?

all of the compromised data is browser-based (something you know, not something you have), with the exception of "stolen text messages". but old text messages shouldn't overcome SMS 2-factor authentication because those one-time codes are only good for a very limited time. and if you use TOTP-based 2FA, you should be completely safe.

can somebody walk me through this?
pooya87
legendary
Activity: 3444
Merit: 10558
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 01:15:18 AM
#6
Quote from: ranman09 on February 01, 2019, 12:38:03 AM
Quote from: pooya87 on February 01, 2019, 12:26:36 AM
that is why "encryption" exists!
you encrypt everything with a password and nobody is going to be able to have access to your data that easily. for example in this case you can encrypt your stored passwords in your browser with a master password that they allow you to set. that way the passwords are stored on your disk encrypted. for example using Firefox you can go to your setting and type in "master password" in the settings search bar and check its box and set a strong encryption password:
Code:
about:preferences#searchResults

Interesting I didn't know firefox can do this. Do we have the same option for google chrome?

there is no such option for Google Chrome as far as i know and last time i checked they don't seem to have any plans on adding the feature either because they think it is not going to increase your security! there are extensions you can use but then again trusting these extensions is another problem.
ranman09
full member
Activity: 756
Merit: 112
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 12:38:03 AM
#5
Quote from: pooya87 on February 01, 2019, 12:26:36 AM
that is why "encryption" exists!
you encrypt everything with a password and nobody is going to be able to have access to your data that easily. for example in this case you can encrypt your stored passwords in your browser with a master password that they allow you to set. that way the passwords are stored on your disk encrypted. for example using Firefox you can go to your setting and type in "master password" in the settings search bar and check its box and set a strong encryption password:
Code:
about:preferences#searchResults

Interesting I didn't know firefox can do this. Do we have the same option for google chrome?
pooya87
legendary
Activity: 3444
Merit: 10558
Re: A new malware designed to beat 2-fa authentication
February 01, 2019, 12:26:36 AM
#4
that is why "encryption" exists!
you encrypt everything with a password and nobody is going to be able to have access to your data that easily. for example in this case you can encrypt your stored passwords in your browser with a master password that they allow you to set. that way the passwords are stored on your disk encrypted. for example using Firefox you can go to your setting and type in "master password" in the settings search bar and check its box and set a strong encryption password:
Code:
about:preferences#searchResults
elda34b
sr. member
Activity: 910
Merit: 351
Re: A new malware designed to beat 2-fa authentication
January 31, 2019, 11:06:24 PM
#3
Quote from: Malam90 on January 31, 2019, 10:55:43 PM
It is very alarming news for the general people who use Internet from PC, or Android. If Google Chrome isn't enable to protect such maleware, it is shocking. I think Google Chrome will detect this maleware soon.

Looks like it's more about Mac. It steals cookies, quite smart but it will only work if users choose to save cookies or something similar. A way to protect from this attack would be to always disable cookies, and avoid any malicious software. Let's hope Mac will be able to solve this issue soon.

Btw, this makes me think switching to GNU/Linux is one of my best choices in life.
Malam90
full member
Activity: 1099
Merit: 116
Re: A new malware designed to beat 2-fa authentication
January 31, 2019, 10:55:43 PM
#2
Quote from: kenzawak on January 31, 2019, 05:57:16 PM
https://www.newsbtc.com/2019/01/31/cryptocurrency-scam-mac/

"The software steals credentials, including browser cookies, to allow access to cryptocurrency exchange accounts. CookieMiner, as the malware is known, targets exclusively Mac users owing to the cross-device functionality of Apple’s products.
In addition to stealing login details and creatively subverting security precautions, the CookieMiner malware also uses the victim’s machine to covertly mine an obscure digital asset called Koto.
...
Google Chrome and Apple Safari cookies are stolen.
Saved usernames and credit card information from Chrome are stolen.
Text messages backed up to Mac are stolen from victims’ iPhone.
Browser cookies are stolen to defeat login anomaly detection.
...
With this combination of login credentials and cookies, attackers can often bypass the two-factor authentication process protecting accounts.
...
CookieMiner also installs mining software on the infected machine. Palo Alto Networks claim that the program is made to look like a piece of Monero-mining software. However, instead of mining the most frequently cryptojacked asset, it sets Mac users’ machine mining Koto, another privacy-focused cryptocurrency associated with Japan that can be mined using just a CPU."

It is very alarming news for the general people who use Internet from PC, or Android. If Google Chrome isn't enable to protect such maleware, it is shocking. I think Google Chrome will detect this maleware soon.
kenzawak
hero member
Activity: 658
Merit: 851
Re: A new malware designed to beat 2-fa authentication
January 31, 2019, 05:57:16 PM
#1
https://www.newsbtc.com/2019/01/31/cryptocurrency-scam-mac/

"The software steals credentials, including browser cookies, to allow access to cryptocurrency exchange accounts. CookieMiner, as the malware is known, targets exclusively Mac users owing to the cross-device functionality of Apple’s products.
In addition to stealing login details and creatively subverting security precautions, the CookieMiner malware also uses the victim’s machine to covertly mine an obscure digital asset called Koto.
...
Google Chrome and Apple Safari cookies are stolen.
Saved usernames and credit card information from Chrome are stolen.
Text messages backed up to Mac are stolen from victims’ iPhone.
Browser cookies are stolen to defeat login anomaly detection.
...
With this combination of login credentials and cookies, attackers can often bypass the two-factor authentication process protecting accounts.
...
CookieMiner also installs mining software on the infected machine. Palo Alto Networks claim that the program is made to look like a piece of Monero-mining software. However, instead of mining the most frequently cryptojacked asset, it sets Mac users’ machine mining Koto, another privacy-focused cryptocurrency associated with Japan that can be mined using just a CPU."
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: