
Topic: Recovering deleted wallet/files from HDD - page 3. (Read 693 times)

hero member
Activity: 1582
Merit: 758
November 03, 2021, 04:17:21 PM
#37
~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.


What is the name of the extension? I would like to dump the source code of it to see if it sends data anywhere.
The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

I installed the extension on a Virtual Machine, found a few issues right off the bat.

The extension communicates with the internet, something that "Only saves data locally" shouldn't connect to the internet. There is also another issue with the extension, it logs specifically logins, not just web pages visited and such. After further analysis, the data that it saves isn't even hashed, meaning that all of your logins are compromised if someone gets the data from your local storage of the extension.

My advice would be to uninstall the extension, reinstall Chrome, then change all of your passwords.
Interesting, I remember looking it up to find anything suspicious but couldn't, anyway, good detective work. It logs any kind of text input, it often saved my posts here. Anyway, I've now uninstalled it, since I do not need it anymore and due to the suspicion of it being a security hazard.

On the other hand, do you know any kind of similar software that is safe to use?
member
Activity: 189
Merit: 52
In a world of coins, use them.
November 03, 2021, 04:09:32 PM
#36
~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.


What is the name of the extension? I would like to dump the source code of it to see if it sends data anywhere.
The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

I installed the extension on a Virtual Machine, found a few issues right off the bat.

The extension communicates with the internet, something that "Only saves data locally" shouldn't connect to the internet. There is also another issue with the extension, it logs specifically logins, not just web pages visited and such. After further analysis, the data that it saves isn't even hashed, meaning that all of your logins are compromised if someone gets the data from your local storage of the extension.

My advice would be to uninstall the extension, reinstall Chrome, then change all of your passwords.
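
The check discussed in the posts above (which permissions the extension asks for, and whether its source sends data anywhere) can be started statically before any traffic capture. The following is an added example, not part of the thread and not the poster's tooling; the sample extension, its file names and the `collector.example` URL are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Host patterns that give an extension access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# JavaScript APIs that can move data off the machine.
NET_SINKS = re.compile(r"\b(fetch|XMLHttpRequest|WebSocket|sendBeacon)\b")
URL_RE = re.compile(r"https?://[^\s\"'`)<>]+")

def audit_extension(ext_dir):
    """Static triage of an unpacked extension: permissions plus network sinks."""
    root = Path(ext_dir)
    manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8"))
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    findings = {
        "broad_hosts": sorted(p for p in perms if isinstance(p, str) and p in BROAD_HOSTS),
        "content_script_matches": sorted(
            {m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])}),
        "network_calls": [],    # (file, line number, API name)
        "remote_urls": set(),   # hard-coded endpoints found in the scripts
    }
    for js in sorted(root.rglob("*.js")):
        text = js.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in NET_SINKS.finditer(line):
                findings["network_calls"].append((js.name, lineno, m.group(1)))
            findings["remote_urls"].update(URL_RE.findall(line))
    return findings

def build_sample(root):
    """Constructed sample, not the real extension: claims local storage, has an upload call."""
    root = Path(root)
    (root / "manifest.json").write_text(json.dumps({
        "manifest_version": 2, "name": "sample-logger", "version": "1.0",
        "permissions": ["storage", "<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
        "background": {"scripts": ["background.js"]},
    }))
    (root / "content.js").write_text("chrome.storage.local.set({note: 'constructed'});\n")
    (root / "background.js").write_text(
        "fetch('https://collector.example/upload', {method: 'POST', body: '{}'});\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, value in audit_extension(build_sample(tmp)).items():
            print(f"{key}: {value}")
```

A clean result from this kind of scan is not proof of local-only behaviour, since minified or dynamically built requests will not match these patterns; watching the extension's traffic in a virtual machine, as the poster did, covers that gap.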
hero member
Activity: 1582
Merit: 758
November 03, 2021, 03:25:22 PM
#35
~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.


What is the name of the extension? I would like to dump the source code of it to see if it sends data anywhere.
The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en
member
Activity: 189
Merit: 52
In a world of coins, use them.
November 03, 2021, 02:22:10 PM
#34
~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.


What is the name of the extension? I would like to dump the source code of it to see if it sends data anywhere.
jr. member
Activity: 107
Merit: 7
October 31, 2021, 06:48:02 PM
#33
Of course. In a sense, a hardware wallet still stores the content locally in its own stores, but you get the point.
HCP
legendary
Activity: 2086
Merit: 4316
October 31, 2021, 06:39:20 PM
#32
Safest option is not to use file-based wallets anyway if you can afford it.
What would you recommend if not "file-based wallets"? Are you talking about hardware wallets?
jr. member
Activity: 107
Merit: 7
October 31, 2021, 06:34:09 PM
#31
Yes, someone might have cloned your content and is still working on recovering & scanning the relevant files. Safest option is not to use file-based wallets anyway if you can afford it.
legendary
Activity: 1526
Merit: 1359
October 30, 2021, 03:35:59 PM
#30
Anyway, I'm going to move all my funds into new wallets, just in case, it doesn't cost me much in either time or money

I would strongly recommend it. Although you got your laptop back, your wallet can still be compromised. You cannot be absolutely sure that someone did not copy your wallet (or your entire hard drive) or exported your private keys. I wouldn't use that wallet for serious money again if I were you.
member
Activity: 110
Merit: 19
October 30, 2021, 07:14:22 AM
#29
its sole purpose was to catch someone snooping through my laptop, (I mean in the same household)
That's why I always lock my screen (set a shortcut if you don't have it yet) when I walk away. No matter how short, I don't get up before locking it.

I do the same - a habit from a past job where I had a slightly strange colleague. Just for the record: this is not a very secure solution, some lock screens in Linux environments can be bypassed, don't know about other OSes. It is good for preventing children from playing with your workstation, but if someone has enough time, it won't help.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 30, 2021, 06:59:31 AM
#28
its sole purpose was to catch someone snooping through my laptop, (I mean in the same household)
That's why I always lock my screen (set a shortcut if you don't have it yet) when I walk away. No matter how short, I don't get up before locking it.
hero member
Activity: 1582
Merit: 758
October 30, 2021, 06:47:47 AM
#27
Well, this is an interesting plot twist: has your laptop an integrated key logger? How come?

Also: move your coins now. You are already late.
Just some kind of extension on Chrome, records every tap of the keyboard, nothing special. It just looks like Chrome has been left untouched. The whole HDD might be left untouched but it's definitely better to stand on the safe side.

Excuse me for being a bit paranoid, but are you sure the extension doesn't steal your personal data or everything you type on Chrome? At the very least, check what kind of permissions the extension asks for.
I've checked the permissions before, it only logs locally user inputs, they are not sent anywhere, it doesn't have access to anything else.

Just some kind of extension on Chrome, records every tap of the keyboard, nothing special.
This sounds like a security risk, is there a reason you've installed some sort of spyware in your browser?
Thinking back to it, I shouldn't have installed such a thing, its sole purpose was to catch someone snooping through my laptop, (I mean in the same household) and have solid proof they did it, since history could be deleted and be done with it.

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 30, 2021, 05:47:24 AM
#26
Just some kind of extension on Chrome, records every tap of the keyboard, nothing special.
This sounds like a security risk, is there a reason you've installed some sort of spyware in your browser?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 30, 2021, 05:42:12 AM
#25
Well, this is an interesting plot twist: has your laptop an integrated key logger? How come?

Also: move your coins now. You are already late.
Just some kind of extension on Chrome, records every tap of the keyboard, nothing special. It just looks like Chrome has been left untouched. The whole HDD might be left untouched but it's definitely better to stand on the safe side.

Excuse me for being a bit paranoid, but are you sure the extension doesn't steal your personal data or everything you type on Chrome? At the very least, check what kind of permissions the extension asks for.
hero member
Activity: 1582
Merit: 758
October 30, 2021, 05:18:22 AM
#24
Anyway, I'm going to move all my funds into new wallets, just in case, it doesn't cost me much in either time or money
*ETH Gas fees have entered the chat*


Based on the fact that you mentioned Metamask... you might get hammered with some serious fees depending on how many different tokens you need to move around.
It's a few hundred of BUSD and a pair of stablecoins staking on Beefy.Finance, which I was planning to withdraw and deposit to another contract anyway. Despite how much it might end up costing, at least, I'll be on the safe side and not have to worry about it anymore.
I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.
If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.
Definitely, it's not a hard thing to do, if he wanted to compromise my files, then it's up to him, since I stupidly gave a stranger full permission on my computer, what was I thinking.

Just got my laptop back, which has an integrated keylogger as well

Well, this is an interesting plot twist: has your laptop an integrated key logger? How come?

Also: move your coins now. You are already late.


Just some kind of extension on Chrome, records every tap of the keyboard, nothing special. It just looks like Chrome has been left untouched. The whole HDD might be left untouched but it's definitely better to stand on the safe side.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 30, 2021, 03:03:12 AM
#23
I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.
If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.
legendary
Activity: 2114
Merit: 15144
Fully fledged Merit Cycler - Golden Feather 22-23
October 29, 2021, 07:23:43 PM
#22

Just got my laptop back, which has an integrated keylogger as well

Well, this is an interesting plot twist: has your laptop an integrated key logger? How come?

Also: move your coins now. You are already late.

HCP
legendary
Activity: 2086
Merit: 4316
October 29, 2021, 06:38:00 PM
#21
Anyway, I'm going to move all my funds into new wallets, just in case, it doesn't cost me much in either time or money
*ETH Gas fees have entered the chat*


Based on the fact that you mentioned Metamask... you might get hammered with some serious fees depending on how many different tokens you need to move around.
hero member
Activity: 1582
Merit: 758
October 29, 2021, 02:48:08 PM
#20
Thank you for all the replies, made me realize how cautious we need to be when dealing with personal files, whether that has to do with wallets/money or simply passwords and any sensitive data.

Just got my laptop back, which has an integrated keylogger as well, I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive. Anyway, I'm going to move all my funds into new wallets, just in case, it doesn't cost me much in either time or money, so I don't see why not be on the safe side.

Thanks again for all the advice, I really appreciate it.
member
Activity: 110
Merit: 19
October 29, 2021, 12:59:06 PM
#19
Personally I never give my computers to someone else, I do repairs myself. If you cannot repair the computer, just give it to the technician without the drive, that is totally OK.

If you want to sell or throw away a computer, I definitely recommend wiping the drive (or destroying it). Some live Linux distribution is the best for that, because the system is only in RAM and the whole drive can be securely wiped. If you are not friends with Linux commands, I can recommend Parted Magic, which has a GUI tool to do the thing, but you have to pay for it. But you can wipe the drive with (almost) any distro.

I do the wipe in two steps:
  • write zeroes to the whole drive,
  • apply the ATA/NVMe secure erase command.
It is useful to do both, because regular zeroing does not overwrite backup sectors and is not very effective on flash devices in general (because of various techniques of physical sector abstraction like wear leveling). On the other hand, the secure erase command may not be properly implemented in the firmware of the drive.

Forget about some many-many-pass total-random-pattern algorithms - those are useless and time consuming. I don't trust zeroing only empty space from a running OS, nor even wiping a single file - various snapshots, shadow copies, backups, hardlinks, etc. prevent this from being done in a trustworthy way (and do not forget about backup sectors and firmware sector abstraction mechanisms on flash devices).
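
The two-step wipe described in the post above, with a read-back check between the steps, as an added example that is not the poster's own script. It is written in Python so it can be run against a scratch file; the function names are hypothetical, the firmware commands (`hdparm` security erase with a temporary password `p`, `nvme format --ses=1`) are returned for review rather than executed, and on a real device the size would come from `blockdev --getsize64`.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write and read in 1 MiB blocks

def zero_fill(path, size):
    """Step 1: overwrite the first `size` bytes of `path` with zeroes and flush to media."""
    fd = os.open(path, os.O_WRONLY)
    try:
        remaining = size
        zeros = bytes(CHUNK)
        while remaining > 0:
            remaining -= os.write(fd, zeros[:min(CHUNK, remaining)])
        os.fsync(fd)
    finally:
        os.close(fd)

def first_nonzero_offset(path, size):
    """Read back `size` bytes; return the offset of the first non-zero byte, or None."""
    with open(path, "rb", buffering=0) as f:
        offset = 0
        while offset < size:
            block = f.read(min(CHUNK, size - offset))
            if not block:
                return offset  # short read: the region was not fully covered
            stripped = block.lstrip(b"\x00")
            if stripped:
                return offset + len(block) - len(stripped)
            offset += len(block)
    return None

def secure_erase_commands(device):
    """Step 2: firmware erase commands for `device` (returned, never executed here)."""
    if device.startswith("/dev/nvme"):
        return [["nvme", "format", device, "--ses=1"]]
    return [["hdparm", "--user-master", "u", "--security-set-pass", "p", device],
            ["hdparm", "--user-master", "u", "--security-erase", "p", device]]

if __name__ == "__main__":
    # Constructed scratch file standing in for a drive.
    with tempfile.NamedTemporaryFile(delete=False) as scratch:
        scratch.write(os.urandom(2 * CHUNK + 500))
    size = os.path.getsize(scratch.name)
    zero_fill(scratch.name, size)
    print("first non-zero offset:", first_nonzero_offset(scratch.name, size))
    print(secure_erase_commands("/dev/sdX"))
    os.remove(scratch.name)
```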

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 29, 2021, 01:03:46 AM
#18

He can just ask the technician to put the hard disk in an external enclosure first and run something like Recuva to overwrite the hard disk with random bytes first so that the data is unrecoverable (there's a particular 38-pass military-grade algo that I like as it is very secure).