Pages:
Author

Topic: Which is the best to use now? (Read 309 times)

hero member
Activity: 1008
Merit: 520
Leading Crypto Sports Betting & Casino Platform
February 01, 2022, 04:10:35 PM
#25
I came across this post How to lose your Bitcoins with CTRL-C CTRL-V in the forum, Which brought a question to my heart, is it better to use the website to download any wallet or exchange application for Android (as it is a normal thing to use for desktop/laptops) or use the Google play store which is now said to have some applications that hijacks clipboard and changes the address to the hijacker's address and when the transaction has been executed, nothing can be done to cancel the transaction (which is normal)?
First Cryptocurrency Clipboard Hijacker Found on Google Play Store
A cloned MetaMask away from the original is now a victim from the Google play store.
It is said that
Quote
The first attack method the app used was to attempt to steal the private keys and seeds of an Ethereum wallet when a user adds it to the app. When BleepingComputer analyzed the app's APK file, we found that the app contains information that can be used to send this stolen data to a Telegram account.

How can we ignore these kind of hijacking/malware application as it is now a threat to those who mostly uses Android phones?

There are a lot of safe apps that we can use in order not to loose our wallets,apps like coinbase- it is android app and its very safe,
Spare- it helps bitcoin holder to turn their bitcoin to cash easily without entering bank or using ATM. you can also use cold wallets
Cold wallets are not liable to internet,like hot wallets because hot wallets are liable to cyberattacks. Its advisable to use cold wallets instead of hot wallets. And we should try not to download apps that can exposed our devices into danger.
legendary
Activity: 2268
Merit: 18748
February 01, 2022, 03:07:47 PM
#24
Though in my watch on downloading anything from Google play store, I don't miss the review and number of downloads.
Such things are almost meaningless. It is trivial (and not that expensive) to buy tens of thousands fake downloads or fake reviews on any platform. You really should not be basing the security of your coins on which app has the most downloads.

Well, it's obvious now that it wasn't their intention as a tribute to the noble one. It's just a gimmick to get unsuspecting public into their web of deceit.
I mean, in general I would agree with you, but SatoshiLabs are the company behind the Trezor hardware wallet, who also wrote BIP39 and BIP44, which give us seed phrases and the structure of HD wallets respectively, and are used by almost every wallet in existence. They are not a shady company by any means. Just because some scammer has used their name to trick newbies in to downloading their fake app, doesn't mean the real company are somehow implicated.
legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
February 01, 2022, 12:15:45 PM
#23
~snipped~
I always considered "SatoshiLabs" to be a tribute to Satoshi Nakamoto, I never got the impression they claim to be Satoshi.
Well, it's obvious now that it wasn't their intention as a tribute to the noble one. It's just a gimmick to get unsuspecting public into their web of deceit.

Quote
That's one of the reasons I install as few apps as possible, and give my phone access to as little data as possible. Even better: use a separate (old) phone for certain apps.
I should embark on this as a matter of principle, going forward.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 01, 2022, 11:23:04 AM
#22
I wouldn't touch anything that has to do with apps in Satoshi's name because instinct would tell me it's a scam. How will a man who doesn't what to be found now make apps in his name a decade later. It's pure scam but sadly people don't like having a second thought around stuff like that before downloading them.
I always considered "SatoshiLabs" to be a tribute to Satoshi Nakamoto, I never got the impression they claim to be Satoshi.

Quote
I use apps from playstore a lot and I'm saddened by the fact of the preponderance of scam apps there now.
That's one of the reasons I install as few apps as possible, and give my phone access to as little data as possible. Even better: use a separate (old) phone for certain apps.

Quote
This will definitely cause Google to lose trust and patronage if it's not tackled and corrected quickly.
I don't think they care. Just like they don't remove phishing sites from their advertising when reported. As long as they earn from it they're not in a rush to to clean it.
legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
February 01, 2022, 11:11:33 AM
#21

I wouldn't touch anything that has to do with apps in Satoshi's name because instinct would tell me it's a scam. How will a man who doesn't what to be found now make apps in his name a decade later. It's pure scam but sadly people don't like having a second thought around stuff like that before downloading them.


Relatedly, this relaxed check by Google on apps that get get into its playstore is becoming worrisome. I use apps from playstore a lot and I'm saddened by the fact of the preponderance of scam apps there now. This will definitely cause Google to lose trust and patronage if it's not tackled and corrected quickly.
member
Activity: 120
Merit: 15
January 31, 2022, 10:46:33 PM
#20
This have been discussed few times before, people really need to stop using playstore to search for wallets to download, you can easily install the fake one and lost your coins in the process, it's safer to always go through a project website for downloading their wallet, if it's available on playstore you will be redirected there.
sr. member
Activity: 588
Merit: 251
January 31, 2022, 06:50:55 PM
#19
Quote

In any mobile phone digital distribution service whether app store or play store, it's easy to recognize a fake to the original. Check reviews, number of downloads, the developers, check the link of the app, using the "share" feature in the upper right, mostly the URL is simply written with its website "play.google.com/.../?id=io.metamask", fake ones have different characters on it. Also check the app website if it redirects on the same play store page.

Use adblockers either on mobile browsers and desktop too, firefox has lots of security features, mobile or desktop, just enable it and use "strict".
These are some good facts to observe and put into consideration. Though in my watch on downloading anything from Google play store, I don't miss the review and number of downloads. I don't download much with a PC, as I prefer the mobile phone as more friendly with mobility.

Quote

If you are newbies in crypto, first two websites you can use to search for projects and related links exclusively links for website. If you are careful, you can double check given links from them with links from search engines (Google, Bing, Duckduckgo, etc.)

Above are first good steps to do but not enough. In crypto, don't trust, verify. After you download a wallet, you must verify it. What is purpose of wallet verification step? To check and make sure the wallet you download are real, not phishing one. Don't trust given link from any source, always verify it.

I have been using these two websites, mostly CMC for price and some newly launched projects. I also use it to get the projects official website, and the exchange at which the project is listed. I think what I need to do is to be more observant than before.
legendary
Activity: 3024
Merit: 2148
January 23, 2022, 06:21:12 PM
#18
Mobile apps rarely publish their installation files on sites and instead rely on phone's store applications like Google Play. Metamask for Android, for example, doen't have any releases on their Github page, only a guide how to build it from source, which is not something a newbie would do, and potentially it's less secure than just getting the app from app store.

Just use some common sense, if it's a popular app but the first search result leads to an app with only thousands of review, then it's probably a malicious copy. Carefully examine the results your app store gave you before installing any of them.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
January 23, 2022, 12:05:19 PM
#17
To download applications (wallet or exchange applications), you must download them from official websites. It will lead to another question, how to know official websites?

If you are newbies in crypto, first two websites you can use to search for projects and related links exclusively links for website. If you are careful, you can double check given links from them with links from search engines (Google, Bing, Duckduckgo, etc.)

Above are first good steps to do but not enough. In crypto, don't trust, verify. After you download a wallet, you must verify it. What is purpose of wallet verification step? To check and make sure the wallet you download are real, not phishing one. Don't trust given link from any source, always verify it.
hero member
Activity: 1554
Merit: 880
pxzone.online
January 23, 2022, 10:53:59 AM
#16
How can we ignore these kind of hijacking/malware application as it is now a threat to those who mostly uses Android phones?
Be knowledgeable.

In any mobile phone digital distribution service whether app store or play store, it's easy to recognize a fake to the original. Check reviews, number of downloads, the developers, check the link of the app, using the "share" feature in the upper right, mostly the URL is simply written with its website "play.google.com/.../?id=io.metamask", fake ones have different characters on it. Also check the app website if it redirects on the same play store page.

Use adblockers either on mobile browsers and desktop too, firefox has lots of security features, mobile or desktop, just enable it and use "strict".
sr. member
Activity: 588
Merit: 251
January 22, 2022, 04:33:36 PM
#15
The basics apply to any OS: don't keep a lot of funds in hot wallets, don't install weird software, install as few apps as possible, or even better: use a dedicated system for your wallet.

I think using a dedicated system (either a phone or laptop) is more preferred and safer. Though, someone talked about using Ubuntu operating system or other Android OS. It is good to use new technology, but one will have to take time to learn how to use. The time I first ran Ubuntu on my system, it was fun, but I was more like a novice learning computer afresh, and I can't go into the market with that so I don't get myself messed up.
I make use of phone more often than laptop/desktop (which is once in a while), that is why I am more curious about the mobile version of everything we are talking about.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 21, 2022, 06:33:58 AM
#14
But one HW is meant to go out with you. At least this is how I see the things.
Aren't you afraid showing a hardware wallet in public is like waving a thick wallet filled with cash? Anyone with a $5 wrench in their pocket can't see how much is on their, but they might be curious.

I have a Nano S which imho looks too much like an USB stick. Not fancy at all. And if one (with a 5$ wrench) is watching, he'd already know when I ask to pay with bitcoin...

While I do carry it with me, I didn't have yet the opportunity to take it out and pay. At all! (I've done some typical transfers from the safety of my car or room though.)
I've even took it with me abroad in holidays, still no chance.
And now, with the pandemic, it's even worse, since I get out much less often.
So maybe when the opportunities will exist and I'll get to experience this for real, maybe I'll get to change my mind.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 21, 2022, 06:23:32 AM
#13
But one HW is meant to go out with you. At least this is how I see the things.
Aren't you afraid showing a hardware wallet in public is like waving a thick wallet filled with cash? Anyone with a $5 wrench in their pocket can't see how much is on their, but they might want to find out.
legendary
Activity: 1974
Merit: 2124
January 21, 2022, 05:46:57 AM
#12

You can make mistakes with both. The Google play store regularly hosts fake and malicious apps which are disguised as the real thing which you can accidentally download. Similarly, there are plenty of fake websites designed to trick you in to downloading fake apps, and these websites will also appear on Google search results. You should never trust an app just because it came from a specific source or what you believe was the legitimate website. Even if it did, websites and servers can be hacked and have the real files replaced with malicious ones.

The correct way to ensure your safety is to verify the download against the PGP signatures of the developers or the provided hashes prior to installing. You should download the software in question from the official site on your desktop or laptop, verify the file you have downloaded, and then transfer it to your phone to be installed.
Absolutely there are tons of fake applications over Google Play Store and IOS also deploying themselves as some crypto apps intended to install malwares i to your phone's and system which will eventually take Control of your password and keys and funds will be lost to the hackers.

Out of them most obvious ones are the mining pool apps or cloud storage apps that makes you fool and hack your system then which is far more dangerous than we think.Some of them are here :

Fake apps on Android

There are fake one's on IOS too and one famous was Trezor app that presented to be the legit one hardware wallet app but in actual it was scam and only one user was unlucky to fall victim of that scam and he commented out that :

Quote
Christodoulou isn't the only person to fall victim to the scam; Georgia resident James Fajcz also told the outlet that he lost $14,000 worth of Bitcoin and Ethereum to the fake app.



So people need to have an extra security measures as you have mentioned and verify the softwares before installing them in your system which will protect you from any kind of big scam.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 21, 2022, 05:32:28 AM
#11
The way I usually do is:
* ~
* always using hardware wallet with my funds on Android
Does that mean you bring your hardware wallet with you, or do you not use the mobile app "on the go"? The reason I have a wallet on Android is for the (rare) opportunity when I can pay with Bitcoin, and I want to leave my hardware wallet safely at home.

Yes, I bring it with myself. Imho the point of HW is safety and convenience. With so many horror stories related to HWs (yes, mostly stupid user errors, but still...) I would not keep all the eggs in that basket.
The HODL amounts can stay completely offline - from a private key or seed written onto paper to a completely offline cold storage or another HW. But one HW is meant to go out with you. At least this is how I see the things.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 21, 2022, 05:24:11 AM
#10
The way I usually do is:
* ~
* always using hardware wallet with my funds on Android
Does that mean you bring your hardware wallet with you, or do you not use the mobile app "on the go"? The reason I have a wallet on Android is for the (rare) opportunity when I can pay with Bitcoin, and I want to leave my hardware wallet safely at home.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 21, 2022, 04:32:58 AM
#9
is it better to use the website to download any wallet or exchange application for Android (as it is a normal thing to use for desktop/laptops) or use the Google play store which is now said to have some applications that hijacks clipboard and changes the address to the hijacker's address and when the transaction has been executed, nothing can be done to cancel the transaction (which is normal)?

The way I usually do is:
* going to the wallet software's web page and get from there the link to the correct app on Google Play store
* always using hardware wallet with my funds on Android
* always double checking properly the addresses involved in the transactions
hero member
Activity: 2156
Merit: 803
Top Crypto Casino
January 21, 2022, 04:26:44 AM
#8
I came across this post How to lose your Bitcoins with CTRL-C CTRL-V in the forum, Which brought a question to my heart, is it better to use the website to download any wallet or exchange application for Android (as it is a normal thing to use for desktop/laptops) or use the Google play store which is now said to have some applications that hijacks clipboard and changes the address to the hijacker's address and when the transaction has been executed, nothing can be done to cancel the transaction (which is normal)?
First Cryptocurrency Clipboard Hijacker Found on Google Play Store
A cloned MetaMask away from the original is now a victim from the Google play store.
It is said that
Quote
The first attack method the app used was to attempt to steal the private keys and seeds of an Ethereum wallet when a user adds it to the app. When BleepingComputer analyzed the app's APK file, we found that the app contains information that can be used to send this stolen data to a Telegram account.

How can we ignore these kind of hijacking/malware application as it is now a threat to those who mostly uses Android phones?


That is why it is always recommend to store cryptocurrency in a cold wallet for long term hodl. Another important information that has been informed through various post on this board is to avoid Google Play Store and visit wallet website to get the download link. Also always ensure that you are visiting the correct website by checking the url. Always keep your mobile device update and donot install unnecessary apps.
legendary
Activity: 2268
Merit: 18748
January 21, 2022, 03:42:36 AM
#7
is it better to use the website to download any wallet or exchange application for Android (as it is a normal thing to use for desktop/laptops) or use the Google play store
You can make mistakes with both. The Google play store regularly hosts fake and malicious apps which are disguised as the real thing which you can accidentally download. Similarly, there are plenty of fake websites designed to trick you in to downloading fake apps, and these websites will also appear on Google search results. You should never trust an app just because it came from a specific source or what you believe was the legitimate website. Even if it did, websites and servers can be hacked and have the real files replaced with malicious ones.

The correct way to ensure your safety is to verify the download against the PGP signatures of the developers or the provided hashes prior to installing. You should download the software in question from the official site on your desktop or laptop, verify the file you have downloaded, and then transfer it to your phone to be installed.
legendary
Activity: 3164
Merit: 3290
January 20, 2022, 11:42:27 PM
#6
How can we ignore these kind of hijacking/malware application as it is now a threat to those who mostly uses Android phones?
I have written back in the days a thread here Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses
And it wonders me that it have toked so long now that they get at Google Play Store.

But as LoyceV already have written :
The basics apply to any OS: don't keep a lot of funds in hot wallets, don't install weird software, install as few apps as possible, or even better: use a dedicated system for your wallet.
I am already at some point that i dont install a App that is from my work , for the Work. I dont trust it and i only use the in Work PC to check things.
 
Pages:
Jump to: