Topic: How to lose your Bitcoins with CTRL-C CTRL-V - page 8. (Read 4419 times)

Yes. Windows 10 has a built in keylogger, and it sends everything you type to Microsoft for "analysis". See the following links:

https://www.pcworld.com/article/2974057/how-to-turn-off-windows-10s-keylogger-yes-it-still-has-one.html
https://www.technorms.com/45807/turn-windows-10-keylogger-improved-data-privacy
https://www.techadvisor.co.uk/how-to/windows/how-disable-hidden-keylogger-in-windows-10-3639643/

But on a much wider scale, Windows 10 is a privacy nightmare. It collects everything from your keystrokes and voice input to your contacts, emails, browsing history, location history, etc., etc. Turning off all the telemetry and turning all the privacy settings to max doesn't help. Have a read of these reports if you want to be really worried:

https://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/
https://thehackernews.com/2016/02/microsoft-windows10-privacy.html

Even with these features disabled via group policies, Cortana is still sending your search history to Microsoft, and OneDrive is phoning home for unknown reasons, for example. Even with all telemetry features disabled, Windows 10 still made a staggering 5,500 connections to almost 100 different IP address in only 8 hours.

As LoyceV says, don't use Windows.

---

Any time I am sending coins from any wallet I physically place the address I know is correct directly from the source, right next to the address I have entered to send to. That usually means either holding my hardware wallet or phone up next to my computer screen, or resizing two windows on my phone or computer to put the two address physically right next to each other. Once you have two addresses which are less than inch apart, its very easy to check the entire address and not just a few characters at the start or end.

Does anyone else find the SegWit bech32 (bc1...) addresses harder to verify visually? I don't know if it's the long prefix or the all lowercase format but it's just so unwieldy.

But even since before SegWit I got used to Ctrl-C + Ctrl-F re-verification - it's quick and works well. Speaking of that - I think this is an error:


I think it should be Ctrl-C, then Ctrl-F, then Ctrl-V.

If I can suggest a simple work around to avoid this kind of theft, I can suggest a easy virtual machine installation
I use it for my home banking and Crypto transfers.
An USB, 128gb or more to get acceptable performance
All the address saved in the task bar to avoid fake site found by googling
Linux lubuntu, a lighted and fast version of Linux.
When I need to use home baking or Crypto wallet I use this USB. I called it bank box.
Not sure at 100, but for sure more Than home pc.
If I'm forced to use it from my home pc, I usually check the first and last 3 or for address chars.

This also happens in Android OS more frequently, I believe, as there are random apps capable of snooping data up to system-level and change some of the configurations and voila! Your Android phone is infected! We also know that there are still a lot of people downloading apps that are not from official releases and from the official Playstore in order to get some cracked APKs for their games, apps etc and that is alarming. I almost became a victim of the clipboard hijack thingy just a couple months back by downloading this file manager from a XDA-Developers post (which has since been removed thankfully).


Knowing how Google Play checks every app on their store before getting it live, it's really rare for a malware-infected app to get through. This might be the first one recorded, but I'm pretty sure that there are tons existing out there in the wild.

Its really a matter of concern that in every single second these hackers are trying to discover new ways for stealing fund from our wallet. Basically most of us like to complete copy-paste by using our keyboard option and these hackers wisely targeted that area to make users fool. To keep us secure from this kinda keyboard malware sender should be much careful during completing transactions from one address to another.

▪︎ Please double check the receiver address before clicking the final confirmation button.
▪︎ After pasting the address please check similarities between both address part by part. Don't give priority to few first charecters only where its necessary to check middle and last part too.
▪︎ You can take the help of notepad to match both addresses easily.

From what I personally notice with the clipboard/copy and paste virus it only gives you a similar address only to the first few characters of your own address sometimes also the last few characters at the end of your address are also similar as well. But if you look at the middle part you will see that there is no similarity at all in fact they are completely different. For people that has known and used their address for a long time now you can immediately spot the differences. I do recommend people trying it out on there Windows pc if they have the clipboard virus by just simply trying to copy/paste the address you have so that you are always aware that your pc is clean from that malware.
 

I may post this on my Daily news on our local board. thanks for the info bro. Cause I often use this feature in windows when I'm sending some BTC to my exchanges address. thankfully I double-check the addresses before I send it. therefore every time we send some BTC we don't need to rush for it it is always better to see the address if it is right or else you will get nothing even after a hundred confirmation in the transactions.  

 .
I also found this article : First Android Clipboard Hijacking Crypto Malware Found On Google Play Store.
Android seems vulnerable too and it was found on Google Play Store, it this already found, for sure there are already some android app spreading with this kind of malware.

As stated on the article, most of the android app that has like this kind of malware are those impersonating android app fake android app, just like bitcoin wallet.
Since that is also about cryptocurrency.

Pity that it never happened with me :-P

Well on a serious note, staying a bit careful before downloading or clicking any link solves the problem more that 50% I would say. The rest is coming with the external device like USB sticks we use. If we are not sure about the device status (whether it's clean or not), we should not inject them in our USB port.

I hope it was not spam? :-P

Edit: By the way, how about using a multiSig address? If your device is compromised and the address has changed you can see it once you load the tx file in the other device before final sing and broadcasting.

Now im getting worried with that Windows 10 Cortana and currently been tweaking out its privacy settings.Is this really a keylogger?. So far i havent experienced any clipboard malwares but i do have that behavior on double-triple checking address before sending out  some coins.

Thanks for the reminders and this isnt a spam.  

I was a victim year ago and I would like to add one more think to your post.

If you see that your address are being changed that means your system is affected by the malware. To resolve it permanently please change the hard-disk of your system and install Ubuntu. This is what I was advice to do. And how to be aware is already addressed by OP.

It is better not to download or browser random stuff on the system which you use for trading or storing your funds. Definitely not a good exercise to store funds in desktop wallets but if you have store then be aware.

I just saw another victim of clipboard hijacker malware.

How it works
1. You select a Bitcoin address, and press CTRL-C.
2. The malware changes the address to an address owned by the hacker/scammer.
3. You press CTRL-V and lose any funds you send.
Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won't notice the address was changed.

How to prevent this
1. Don't use Windows, but we both know you're not going to change that.
2. Check the entire address after copy/pasting, and not just the first few (or last few) characters. Check some in the middle too. That's a lot of work, so chances are you won't do that either.
3. I came up with something else: don't copy the entire Bitcoin address, copy only a part, and manually type the last few characters. Even if the malware exchanges the incomplete Bitcoin address by their own, your wallet won't accept the (invalid) address if you've typed a few more characters by yourself.
You'll still need to follow Step 2 after this: check the address!
4. Use copy/paste to verify part of your address. Suppose you want to send funds to address 1PjpEgknyKxQKXtMcYFDym8odkfohFGkui. After copy/pasting, select "yKxQKXtMc" from the pasted address, then press CTRL-C. Then, use CTRL-F followed by CTRL-V to see if the partial address matches the original source of the address. And make sure the source is authentic: email can be spoofed too!
5. I'll add o_e_l_e_o's suggestion here:

Stay vigilant
Check, double check and tripple check before sending funds!


No spam please
I said please
I'll remove excessive quotes.