Topic: Avoid dangerous downloads (Read 284 times)

FWIW, just asking for coder or anyone who can code probably isn't enough. I don't expect backdoor which intentionally added or security issue on low-level programming level can be discovered by average coder.

I totally agree that people need to be very careful when downloading apps especially for cryptocurrency wallets. If we download wrong app it can cause big problems like stealing our personal info or cryptocurrency. We should only download apps from trusted places and check them out first. We should also use antivirus software and keep our device system up to date to stay safe. Losing our cryptocurrency because of bad app is big risk so we should take steps to protect yourself. Otherwise the scammers have many methods too steal our money. So we should always be careful.

You can use antivirus to avoid risky downloads. Having a good antivirus on your device will protect your device from viruses. Antivirus will warn you if you download something that is malware. You can use kaspersky antivirus.
Thank you.

It's not special for cryptocurrency but security is a general thing that can infect our devices and can cause many damages on our individual data, accounts, money in banks or in cryptocurrency.

Let's assume that if you don't have good practice in security, and your device is infected and compromised, hence many bad things will happen, not only restricted to cryptocurrency you have on that device.

Therefore, having good practice offline, online on the Internet, is good generally and we all should maintain good practice.

Security and Privacy Encylopedia

We need to be careful when downloading software especially for cryptocurrency. Scammers create fake versions of real products like we have many examples they have made fake websites they just change a little in spelling to trick people into downloading bad software. So always check logo spelling, and website address to make sure we are getting real thing. This can help us avoid losing money and having security problems. We should always be cautious and we should do our own research before downloading anything.

It is a common misconception that open source means safe, even a reviewed code that is very popular. Being open source doesn't mean safe (ie. not-malicious and not bug-free). The reason is because majority of "users" download the binaries not the source code (to compile themselves) and that binary may or may not have been built from the same source code, even though the source code is available and reviewed.

Now the solution is actually easy. You either download the source code and compile it yourself so that you know that the binary you end up with is actually secure (assuming the code is reviewed and safe).
Or you only use projects that provide deterministic (or reproducible) builds. That way when anyone follows the same build process, they all end up with the same exact binaries so you, as the end user, can safely download the binaries knowing it is actually built from that source code.

Only the "good" projects in cryptospace offer reproducible builds such as Bitcoin Core and Electrum.

Some may want to make a download but do it on a wrong platform all because they lack in the idea on how to get a required item for download from the right source online, that is why it is an important task that we must do and to follow for us to know some various ways whereby we can identify the wrong and cloned website before making any downloads, many users have been affected already through all these kinds of wrong approach on the intended platform for their downloads and they ended landing on unprecedented situations.

Or, if possible, just avoid Play Store.  It is littered with so much Malware it is an incredibly high risk to mistakenly download the bad version of a Wallet.

With Android you get the option to download a file and check the Hash / Signature of it.  Verifying an installable file to make sure it comes from the real, legitimate Creator of a Wallet is so much better than choosing the comfort of Play Store.

Downloads should be done from reputable sites and not from every link you see, when downloading a software, check out for the accurate logo and spelling. For example in playstore  there's "Bitget" and "Bitget wallet". Where Bitget is the original exchange software and the latter is a scam software.

I  stumbled on one of these crypto farming projects asking subscribers in it's tasks to download "Bitget Software" and even provided a link to playstore and following the link I saw that it's a scam version of Bitget exchange.

Same things with KuCoin, there's "kuCoin", note the spelling difference. They try a lot to imitate reputable products and lure less suspecting individuals to patronizing them, leading to great funds loss.

So I want to ask something, have you reviewed or asked all of the built in applications codes? you can post all the evidence here.

List of built in IOS apps https://en.wikipedia.org/wiki/List_of_built-in_iOS_apps
List of built in Android apps by Google https://en.wikipedia.org/wiki/List_of_Android_apps_by_Google

I just don't want see a bullshit since there are many people who give very strict advice (although it's good), but they didn't do it at all.

We have risks and exposure to the high volatility of the system. We surf the internet daily and they're for completing important tasks. Curiosity will definitely ruined our path in the real world. Never ever download from unknown sources because we have online fraudsters everywhere, they know the malware to bring into existence and swiftly get of the system. 

People need to be cautious with all of their downloads. Their devices, computers, phones can be infected by download other things beyond cryptocurrency wallet softwares.

If they download unofficial ones, they have bigger risk of get phished by fake applications and infected with malicious components that can steal many sensitive information on their devices from computers to phones.

When a device is infected and there is sensitive information in it, like a file that store account password, wallet password, mnemonic seed, wallet file, there is big risk to be stolen cryptocurrency stored in that device.

When downloading a cryptocurrency wallet, caution is essential. Always download from the official websites, where you'll find links for Android, PC, and MAC versions, and avoid unknown sources such as email links, YouTube, MediaFire, torrent sites, fake websites, blogs, and impersonated accounts.

I see that anyone interested in any unnecessary downloads on the computer or phone must use an alternative device that is free of important and sensitive data and his accounts and crypto wallets. Also, the risk extends to installing unofficial browser extensions, which can also threaten the user. Frankly, even if the program is open source, scammers may exploit people's lack of knowledge in examining the code. Anyone can check the program's security before installing it by uploading it to sites like VirusTotal and Jotti's Malware Scan, where many multiple antivirus programs will scan it.

The most of the Users or people that using that Wallet i guess even dont know how to doing that you cant expect that everybody has that knowledge we have.
As mentioned already from _act_ there are a lot or many Apps and Software that dont have that feat. for checking this.
Best way is to make your one research a few times before you download or install something new on your phone or PC that you dont know.

This will depend on the app that I am using. If I am using Electrum, I can verify through PGP signature that the app comes from the right source but what about the exchanges and banks app that does not have any PGP signature? Also sometimes I do not need the PGP but go to application store to download apps like X, news apps and others that do not have anything to do with money. If many people download the app on application store, I will know that it is original.

Even on websites like Electrum, be sure to verify the GPG signature before download. if you were downloading the electrum wallet software, you can use the GPG signature to check that software actually came from Thomas Voegtlin the original developer and the others who have contributed to the source code and also that the website hasn't been hacked and uploaded with fake versions of the software which could be running malicious code that will try to steal your Bitcoin. Well you can check the software and check the signature on it to make sure it's coming from the right people and it has not been tampered with. Do it for every download of any wallet software.

@Manila Tanaka that's not a bad advice that you shared, but let me share you one: less (merit fishing) topics and more discussion with other members as that's the main purpose of this forum.

It would be also great if, apart from avoiding downloading programmes from non official sources, and also thinking if you are going to use them and you really need them, we all read the T&C and the privacy policy so we understand which data will be collected and how they will be used. Risks when downloading go far beyond the obvious, and we may regret having used certain software.

Crypto security checklist
General security

Don't download things carelessly and verify what you download if you seriously want to use it but the note is, self-limit what you want to download is a first important layer of protection.

Lafu has big threads that can raises warning on risk of downloading malicious files.
List and explain of posted Trojan,Virus and Malware in the last Months!
Report Malware and Suspicious Links here so Mods can take Action !

Many downloads are always offered anywhere and we all know how dangerous some internet downloads really are.
Being careful is priority number one when it comes to downloads.
Because we need to protect our device, our data stored on it, as well as our coins, of course.

Downloads are inherently risky to our devices and should be avoided as often as possible. If in doubt, don’t do any download. Especially downloads related to crypto are often a target for hackers and malicious attacks.

Downloads to all devices are risky but experts have found out which devices are more vulnerable to malicious downloads:
- Mobile devices are most vulnerable, especially from unknown fabricators or from China, which are controlled by China’s regime.
- Windows devices are vulnerable because Windows is often targeted by hackers.
- Apple’s Mac and especially Linux devices (penguin) are less vulnerable to but of course, owners should also protect Linux device or Mac from hackers and be very very careful and avoid downloads.

Keep in mind: less vulnerable still means we should protect our devices, of course. We should always avoid internet downloads.


Open source vs. closed source

Open source means, it is possible for every coder to have a look into it, if it’s coded correctly or if any malicious parts for attacks are coded into a program.
While in closed source, it is not possible for coders to review it.
Open source is very important to avoid possible malware downloads. Of course, open source isn’t a guarantee to be safe and even experienced coders can make mistakes in coding or reviewing it or if it’s offered on a scam and phishing site. Better stay away, as pointed out earlier because downloads are inherently risky.


Ask for coder’s review of GitHub

Serious coders are always publishing on GitHub or make a program’s code visible as a part of open source act.
Because we are no coders, we need to rely on educated coder reviews and opinions of experts. If in doubt, we can ask a question here on Bitcointalk and a coder will look into it.
(Almost) every coder knows about GibHub and can access it as well.


Caution is our best insurance against malicious downloads and hackers
If we don’t make a download, we can not download a virus.
It’s a very clear fact.
We should avoid any unnecessary download and if we really need one (like Electrum), we should inform us if it’s open source and if in question, avoid it.
A random download doesn’t justify to risk damaging our device, our data stored on it, as well as our coins, of course.

Make sure to protect your device from malware due to downloads.