How to protect your coins from malware
Just as the US Senate voted to ban all Kaspersky Lab products for use in government agencies, the threat from hackers and malware is still growing – and this time around cryptocurrencies. There are many ways that your coins can become vulnerable. There are many ways to attack your computer system or wallets, going beyond the ransom that Bitcoin is asking for. Learn how to increase security against the most common threats.
Always verify that you are on the right site when using MyEtherWallet. A clone can steal your private keys and collect your coins. Always open a wallet from your bookmarks and do not click on links from third parties. MyEtherWallet has fields for providing a key file, private key string, or mnemonic phrase.
Also consider using Etherscan.io to track funds and only unlock your wallet when sending Ethereum or tokens.
Cryptocurrency addresses are unpleasant to read – they look the same as others. And therefore, for some transactions, malware can change the address because you are trying to paste it from the clipboard. Keep in mind that this is possible, although very unlikely. Perform a visual verification of the address before verifying the transaction.
If possible, do not use the clipboard at all and rely on other mechanisms to translate the recipient address. As follows from this message from Bitcoin Wallet, it is better to scan QR codes or use the Share button on the wallet.
As this BitcoinTalk stream shows, such attacks are not so rare.
Keyloggers Password theft
Your wallet is protected by a strong password, but it is also an area where malware can be hidden. The malware class allows you to register keywords by stealing a password string.
The good news is that in order to run such malware, you will need to click the link. Avoid dubious emails and scan your system.
Watch for emails that try to fake credentials from official accounts, impersonating banks or government agencies. Know what letters to expect from your bank or tax office, and do not open unexpected messages, or contact customer support first.
Also avoid malicious links that trigger a download upon visit. Currently, malicious links are becoming more popular on social channels and are one of the most active vectors for fake ICO addresses and other cryptocurrency scammers. Stay away from questionable file extensions and do not trust your friends ’accounts – they may have been stolen.
It’s also good to know the channels that are currently targeted. Reddit, Telegram and other social networks where cryptocurrency discussions take place always invite fraudsters and try to install malware.
If you suspect key logging, run a scan on your system or simply review your processes and notice if something looks unusual. If you find a process, delete it from the startup folder.
Unclear Coin Wallets
With so many new coins, no one knows who their proprietary wallets trust. Some wallets work inefficiently, while others may work against you. Avoid untrusted GooglePlay wallets. Currently, online stores have been cleared of fake Bitcoin wallets.
In 2018, most coins cannot be mined on a regular computer. But this will not stop hackers from trying to squeeze the hash, especially if they can make a large collection of machines their favorite coin. There are cases when smart home devices were used for coins. And some coins are especially suitable for this form of mining, such as Monero – the coin acceptor is most often identified in hidden mining attacks.
Hidden miners usually come with a “dropper”, another installer file that also loads the miner.
There are allegations that MinerGate, designed for Monero and Bytecoin mining, actually hides external mining a little, or at least works inefficiently. Sometimes a secret installation is precisely the MinerGate software that is executed secretly by the user.