Can A Chrome app be a malwware and steal your private keys?

pilosopotasyo

member

Activity: 952

Merit: 27

Quote from: TGD on November 09, 2020, 04:44:55 AM

We have same method of storing private key. LOL. Anything stored online can be hack and that's the cons of the cloud storage. But if we think about it, Everywhere we store it can be steal or destroy, It's either physically or virtually. So for safety precautions, Just encrypt your private key before you store it on Gmail if you really want to put it there.

I've been using Google drive to store my private key/recovery of my trezor for a very long time and so far my funds is untouchable.

Google drive is ok as long as you know how to encrypt and secure you, I have mine in my gmail and I am using an encryption and authentication to fully secure my private keys but these are disposable wallets where i kept a small amount for trading purposes, my coin storing wallet are on a desktop versions, you need to have different wallets for different usage.

Greatdev

member

Activity: 266

Merit: 16

Sovryn - Brings DeFi to Bitcoin

If it's a must to download extensions find the official website of the extension and download through the website, don't trust chrome store or mozilla add on store, they claim they've removed all bad add ons but it's a lie, they only removed those that antivirus can detect

Greatdev

member

Activity: 266

Merit: 16

Sovryn - Brings DeFi to Bitcoin

I heard that chrome is spying on its users, the best browser for PC is brave browser, anyways, forward to your question, browsers extension is like a decentralized exchange where anyone can list any token for trading, extension stores is also a place where you can add any add ons for free, meaning scammers can add malicious add-ons and once you download to try out the trojan starts it's journey

Findingnemo

hero member

Activity: 2366

Merit: 793

Bitcoin = Financial freedom

Chrome itself a spyware but officially from the Google to steal the data about every people legally, well most people aware of it. Installing an extension which contains malware can surely act as spyware or take control of your device to get the data and most of the extensions are not really safe,so better avoid them using.

erep

hero member

Activity: 2282

Merit: 589

It is too risky to save any important files in e-mail because they are vulnerable to being hacked, it is like storing gold in glass so that it is easily stolen by simply breaking glass with stones. I store private keys on the hard disk and it is safer to use when there is a need to access the wallet.

RabbiTANK

member

Activity: 224

Merit: 18

Sovryn - Brings DeFi to Bitcoin

Browsers extensions or addon are dangerous if they aren't from official sources, don't just head into extension search engine and search for any add ons, there are some with trojans or hijacking malwares, honestly I don't use any extension since I had a very bad experience using on in 2018, I had to format the whole PC without taking any file out

ololajulo

sr. member

Activity: 2240

Merit: 270

SOL.BIOKRIPT.COM

I know it might have its own advantage but I think one address one private should be improved in the future. We should be able to change our private keys if we think are no more safe, exposed or can be compromised. Transferring asset at any exposure may not be always easy. It is also difficult to cram the private keys and caused the lost of some assets, people would have preferred to never document it which could be responsible for the use of exchanges by some people.

Phoenix_PROG

member

Activity: 224

Merit: 28

Quote from: dhru9 on November 09, 2020, 04:28:54 AM

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? Huh

Anything is possible online mate

1. Don't store private keys or recovery seed in your Gmail
2. Don't use add-ons on your PC browsers, they can install malicious invisible spywares or malwares too
3. Get a paid version of antivirus on your PC .
4. Write your recovery seeds in a book or paper or carve the words on a stainless steel

target

legendary

Activity: 2282

Merit: 1041

I am using metamask chome extension which I have import my MEW wallet to it using the privatekey and whenever I login to this metamask chome extension, the wallet is also connected. Does it mean I'm risking my funds?

I'm quite not very sure about what I did because I kept betting on casino using it and it's needed to make transactions on Uniswap. There is just no way else for me to do it but on metamask extension.

sujonali1819

legendary

Activity: 2436

Merit: 1189

Need Campaign Manager?PM on telegram @sujonali1819

Quote from: dhru9 on November 09, 2020, 04:28:54 AM

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? Huh

Yes, it's possible IMO. suppose you have downloaded a extension which can access your desktop display. So during that time you are visiting the google drive and watching the private keys, or you are trying to log in google account, the extension may notice your private keys or copy the keys if the malware running key logger. (I don't know much about technical but I guess in this way you could be hacked)

*Don't save your private keys, password in online.

Mauser

hero member

Activity: 1974

Merit: 534

Quote from: dhru9 on November 09, 2020, 04:28:54 AM

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? Huh

I would be very careful with installing too many Apps on your browser. You never know what kind of information is going sent away without your permission. In general I never use Apps if there are not at least 100k people who downloaded the app and if the reviews are not above 4 Stars. This of course won't guarantee if there are fishing or scam Apps among them. It's better have more security in my opinion.

Kong Hey Pakboy

member

Activity: 1120

Merit: 68

Quote from: dhru9 on November 09, 2020, 04:28:54 AM

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? Huh

There will always be a consequence when you start downloading malware or a cracked application on your pc because most of them have trojan or virus inside them. So if you have installed a malware chrome app on your device, I think your private keys aren't safe anymore on your Gmail and any online storage. I suggest avoiding storing all of your private keys and passwords on any online storage devices and try to keep them in a piece of paper or an offline document such as a notepad. Also, If you download a malware chrome app on your device, avoid singing in your primary Google account to avoid getting hacked.

blckhawk

sr. member

Activity: 1554

Merit: 334

Quote from: dhru9 on November 09, 2020, 04:28:54 AM

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? Huh

Well, probably yes but just like you, I also use my Gmail to store my passwords, private keys, and such because no matter what we do there's a risk of if getting hack or being destroyed. I mean even if you store it physically like on a piece of paper something natural disaster (which I hope will not happen) this could be either destroy. While storing it online could be prone to be hacked or something. But still, I choose to store it online, as long as you were computer literate like not clicking or downloading on a random link I think you'll be fine.
Recently, I find another way of storing your keys and that is through a password manager. I've been using KeePass right now the database where your data stored can be only accessed by you, locked up by your master key. So far I haven't encountered any issue yet and it is pretty convenient I'd say.

lovesmayfamilis

legendary

Activity: 2072

Merit: 4265

✿♥‿♥✿

Judging by the actions of the OP, the loss of keys will be a consequence, not a cause. You have been given a lot of safety tips, and I think one of the effective tips would also be to completely separate business and entertainment on one computer. There are thousands of key loggers out there that can track every keystroke. They control all the sites you visit. And at a certain moment, they wake up and start sending information about you to their servers.
It is very risky to keep anything on the network, even if it is encrypted, without a duplicate outside the computer.
Speaking specifically about Google, it’s ridiculous to doubt that it doesn’t follow you. Look at the popularity of all the extensions you add to your browser. Stay tuned for updates and reviews. It is generally recommended adding a minimum of extensions to the browser, because yes, a rogue extension can know absolutely everything about you and your browsing history.

molsewid

hero member

Activity: 2170

Merit: 530

Quote from: dhru9 on November 09, 2020, 04:28:54 AM

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? Huh

If you already have coins/token to that private keys, you should transfer it to other new wallets you have then store your new private keys to an offline storage device.
Gmail is not secured for your private keys so don't store your keys again or you might get a problem with your private keys.

Akiko

full member

Activity: 896

Merit: 198

Quote from: dhru9 on November 09, 2020, 04:28:54 AM

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? Huh

I remember I have a friend hacked his main email and stored his private keys there and all of the balance is stolen by the hackers , not secure way though.

Its not recommended to use email for storing important document such as private keys . But it's up to you to decide it's depend how will you secured your email for any other attempt that hackers will do. But I suggest if you have other alternative to stored keys it's better to use that than having a copy in your email.

traderethereum

hero member

Activity: 2870

Merit: 574

Vave.com - Crypto Casino

Quote from: dhru9 on November 09, 2020, 04:28:54 AM

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? Huh

It will help us if you can explain more details about your question so that we can find the solution.
Basically, if you don't install any plugin or add-on in your chrome browser, you are safe from the malware because google will not add something suspicious in their chrome browser.
So when you open your Gmail using the chrome browser, you don't have to worry about malware or any suspicious add-on.
But if you have unknown software installed on your computer or mobile phone, you need to be careful because you don't know if that software contains malware or virus or something like that.
Each app or software on the computer or inside the mobile phone will be related to the OS for a computer or mobile phone, and we can not say that we are safe before we check what is inside our devices.
But to store your private keys in Gmail will be a mistake because we never know if we will always be safe or not.

seoincorporation

legendary

Activity: 3346

Merit: 3130

Quote from: dhru9 on November 09, 2020, 04:28:54 AM

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? Huh

For sure you must be careful about the chrome extensions you install, i have reported in the past some extension that has malware and it stole your bitcoins,

And is a terrible idea to store your private keys in Gmail, if you do that is a matter of time to lose your coins. If you want to do a bad practice like that at least save the Privatekeys in a text file and then put that in a zip with password. This will not make you totally secure, but at least is better than just send the PK's as a mail.

plast555

sr. member

Activity: 951

Merit: 259

This is never been talkable because this already happen many times and still can happen because malware is very dangrous for any computer and this can create many issue so stealing your private keys is very easy with this all and its already happen many times with many different peoples because they fail to check this before instalation and lost some good amount of funds so never try this if you never want to lost your funds very quickly and easily if someone want to download app or any software first try to check its security and availability and try to have recomended because now scammers using many ugly methods for stealing funds from peoples.

akirasendo17

sr. member

Activity: 1106

Merit: 310

The number one rule for me is to store your private keys where you have sole access, means you have to store it locally, Gmail account can be hacked
or what if you forget your password and the alternate email address email is gone, your keys are lost forever, it's not that we don't trust Google, but what if those happen, best is store it locally the safest for me

Topic: Can A Chrome app be a malwware and steal your private keys? (Read 640 times)