Topic: Be mindful when making transactions on PC (Read 274 times)

Could you remove this malware with your antivirus or you have to reinstall your machine?

My little cousin lost 2000 stratis coin to this crypto address swapping malware in 2019, at first we thought someone came into the house and steal the coins but later we found out that every time he copies his own address and try to paste it the address change automatically.

If you get any malware or keylogger on your pc, do hot wallets of yours automatically become at risk?  For example let say you have software wallets on your pc like electrum or exodus etc.  Those are protected by your seed phrase.  But of course when you log in your pc, you type in your password to each of the accounts to log in.



If you get some kind of malware or anything like that on your pc, does that mean a hacker literally could record any keystrokes you done and literally open your electrum or exodus or other software wallets with the password and then send the coins to their own wallet?  Thus this way even if they don't have your seed phrase it doesn't matter because your computer is compromised?



So could a virus do that?  Or only keyloggers and malware?  I also heard of RAT - Remote Access Trojan... so that would be another method?  So whether you have your computer turned on or not, they literally could empty your software wallets if you just have your password?  Whether your password was typed... or say your password is in a password manager and they could record any keystrokes of you entering your password manager or whatever you are copying/pasting with the password for electrum or exodus?  I also heard if you have teamviewer installed, you need to remove that as well.  So keyloggers, malware, RAT, teamviewer... and what else can cause this? 



If you click on a link and it downloads something to your pc but you do not open it, are you still safe?  If you click on a link but do not do anything are you safe as long as you don't enter anything?



Now if you use windows defender which is free and say malwarebytes the free version, you could catch these malware very easily?  But if you have paid computer security like bitdefender or kaspersky and programs like that... it would detect it the moment you download/open it?  So windows defender isn't as strong and would allow it?



Also what about visiting websites?  I heard of sites where you go there, it would automatically download into your browser.  But if you have bitdefender, kaspersky and those things, would that protect you? 



What about visiting a website that shows as insecure but you are manually entering it and visiting it?  If you click on that website, bitdefender and kaspersky would give you an alert?  What about windows defender?

No, it's not. It's a shortcut, and like all shortcuts has a degree of danger. You should check THE WHOLE ADDRESS once you paste it. If you check the first and last few characters, there's always the possibility that (for whatever reason) one of the other characters may be changed, and you'll lose your money. It just takes a moment, verify the whole string.

So everyone talks about the copy paste malware on the pc before you send the btc.


Now before you click on send... is it true you only need to take a look at the first few and last few letters of the btc address you are sending to?  People say malware could change it but when they do change it, as long as you look at even the first few letters of the btc address you are sending to, isn't it going to be noticed immediately since its not like they could get the first few letters of the btc address you are sending to the same?

Yeah, it is.  However, checking just a few characters is a mistake, no matter how you spin it. One character is switched somewhere else, and you lose your funds. It doesn't have to be a hacker, it can just be a mistake. Check it only once, if you like, but check the whole thing.
About block time, thank you, I'll give it a read. In any case, when you're new any delay is a nightmare, and BTC is kinda slow... So, yeah, I'd definitely gonna read a lot more about it. 

As many as 7 times and the whole coin address is really a bit paranoid, it is enough to check the first and last 4-5 characters unless you send a transaction that is really valuable. As for the speed of transaction confirmation, you need to learn how to interpret mempool and adjust your fee accordingly if you want your transaction to be confirmed in the next block.

As far as I can see, there were times when you had to pay more for the next block in the last 24 hours, but currently, you can pay the minimum price and get a confirmation in the next block - but again, keep in mind that the time between blocks can sometimes be up to 60 minutes, although this is on average every 10 minutes.

Yes, this malware is indeed disturbing. Sometimes we are careless and accidentally click on a link and end up losing our set. It is also the world of technology and online, this situation is indeed vulnerable and often happens.
Some hackers send this malware through some links that seem very neat and not suspicious.

Lucky that you can avoid all of this. Hopefully, this will be a valuable experience for you and others too.
This, once more, tells and notices us that we must be more careful everytime going to do something, moreover related to the wallets of our assets, sending any transaction, online wallets, and other activities. It may not only happen to the wallets but also other sensitive data or transaction.

This malware you're talking about has also been encountered by my cousin few months back on his laptop. He was about to send some BNB BEP20(Binance Token) to one of his wallets and noticed that the address he pasted has been changed to another address. It is a good thing you also checked the last few characters of the address to confirm it. I also have this practice of confirming the first and last few characters of the address making sure that it was correct, it's better to always double check than lose money. Thank you for sharing!

Well, I'm kinda paranoid, so I check the whole string like 7 times before accepting it...
And even after that, that waiting period to get the transaction approved is terrible. I guess I'll get used to it after a while, but right now, it really drives me crazy...

I usually check the string character by character before accepting the transaction.  Whenever I am in a hurry or lazy enough to care however, I tend to only check first and last 5 characters plus 4-5 characters from the middle.  I have a question for someone with enough knowledge to provide an accurate answer.  What are the chances I fall under this scam if I verify around 15 characters of the address string, if even possible at all?

-
Regards,
PrivacyG

Thanks for sharing your experience and thanks to God you didn't loss anything. Yea, it's quite important to check the address multiple times that you copied and that your past. It's not only on PC, hackers could take control of your mobile devices as well. So whatever device you have been using needs to make sure the address is right. I often verify the address multiple times to make sure. I always check the last and first few digits of an address when sending funds. So even there is an attack could notice easily.

Yeah, when your responsible for your own money or anyone else's for that matter I tend to be a lot more paranoid, which is a good way of looking at it from that point of view because you are less susceptible to complacency, which has I've suggested I believe is one of the leading factors to people getting infected, and losing money.  

Yeah, Android at least has a decent permission system, although I do think it could be improved with slight additions. However, if your downloading questionable third party applications in the first place, that permission system might already be compromised, depending on their level of sophistication. Of course, most aren't that sophisticated like previously suggested, however when you're responsible for your money, being extra careful is likely the better route.

Yeah, I guess my point is anti viruses can introduce complacency, and as long as you're aware of that you can mitigate it. Although, an anti viruses can also be a waste of money, if you aren't downloading untrustworthy stuff from the internet, and aren't surfing the web unprotected (noscript etc) then you're pretty much good to go.

Anything that can be verified should be verified, and anything that doesn't offer signatures to verify should be considered not worth the risk of downloading in my opinion. I know it can be tedious at times, but that's exactly why complacency creeps in.

Norton was then just an antivirus program, without detecting adware, spyware, or malware - and that's exactly what a specialized program for such things discovered - I know that because I used Spybot at the same time. In everything that that program found on your computer, most of it was probably pretty harmless, and I'm sure it wasn't viruses. It's like comparing Malwarebytes to any AV program today, this first one is synonymous when it comes to fighting malware.

---

Just a few minutes is enough to personalize the program, which includes this option - and I have it turned on and get 1-2 notifications in a week, sometimes not even one. I understand that there are much better ways to protect, especially if the computer has anything to do with cryptocurrencies - but as for me personally, I do not deal with any risky things, I have a hardware wallet and protection with antivirus + premium Malwarebytes and regular system updates are quite enough for me - and they do not burden the system to the extent that it would bother me. At this point, it’s the level of protection I can live with and feel safe with.

Besides formatting your PC, I figure you’re being extra careful and selective when reinstalling software back on to it. Often, these situations occur after installing some unknown or hacked software, and reinstalling some given (rouge) software could lead to reiterating the issue.

Out of curiosity, have you managed to pinpoint or narrow down what software installation could have been the root cause of your problem?

Reinstalling Windows won't help you in the long run if you don't change your habits. Clipboard malware is pretty tame compared to worst cases - full control over your PC, keylogging your passwords, stealing private keys from memory, etc. You need to have your wallet in an isolated environment - a cold storage or a hardware wallet or a system like Qubes OS, and you need to stop getting your offline machine infected - use open source alternatives instead of pirating software or downloading it from shady links and don't download anything from unverified sources at all.

Better safe than sorry, I would say. Those who overlook security measures often pay dearly for that. I rather be thought paranoid than being called a victim. But I get your drift.

Anything third party, not just keyboards, seeking permission to certain files on my phone scares me. I usually abort the process once I get that warning, no matter what I'm trying to work on. So, I can say Android does warn users too.

I think such malicious trick is possible on mobile phones by downloading a third-party keyboard, they always ask for some access that you don't want to accept, I find such keyboards unsafe to use.

I tend to agree, but really it should be balanced. I've had this issue myself where I tend to look at things from a paranoid perspective, but then it isn't always rational to look at things that way. It usually means you're doing additional steps when it really isn't needed.

Personally, I recommend everyone picks a certain threat model (i.e personally defined strictness), and stick to it strictly.

I find it mind boggling that Android hasn't implemented a permission based system for accessing the clipboard, because it already has the fundamentals there. Especially, when a clipboard could be considered on of the biggest security flaws that users will fall victim too.

One can never be too careful to the point of paranoia. I also make it a point of duty to check the first three or four alphabets in the address I'm sending to, then the middle and end alphabets. I try as much as I can never to be in a hurry while on a financial transaction. With cryptos, I triple check. No hurry in life. Going forward, I think people should restrict links they click for a lot of these malware come from sites we visit, especially porn sites.

I'm curious why we don't have such with mobile phones since we also have clipboards with phones.