If you use a VPN and Norton can they still hack into your computer or get into your appdata files?
Yes, even with a VPN (hiding your real identity on the net) you can get infected. The problem with these ransomware virus is:
Most likely they come in the form of a PDF, DOC, DOCX, XLS (Microsoft Windows data types). After opening these files you see a message: "macros disabled, please activate macros for fully seeing the document". After the activation of the macro, a tiny script is launched. I have encountered different ransomware, starting with a simple visual basic script, going over to a json (java) to a lua (lua worst case "language", because it can be used to infect nearly every system, most PC game cracks are programed in lua). The script is downloaded the "real virus". The download is most likely moved to c:\temp or %temp% (user temp folder) and starts to encrypt all your files. I repeat: ALL your files includeing wallets, personal photos, music, movies... After the encryption you have the possibility to pay about 2 BTC right now (price is very different, starting from 0.5BTC going up to over 3). If you dont pay, you will, in most cases, never get your files back encrypted.
These virus are (thats a new version) also getting put into flash videos, yes Adobe flash videos!!!
But please keep in mind that this is nearly a worst case szenario. But still, even with Norton (or general antivirus) and a VPN you can have an infected pc.
I am interested to know how the hacker for example can steal my coins when they don't know my number and I have google authenticator installed in mobile phone and not in my PC. Personally I think this is impossible as the hacker doesn't know my mobile number or the code in the google authenticator in my phone but maybe I learn something new today, lets see the in depth explanation of this.
First of all, i am no "hacker" or "white hat", but i have some experience.
The problem is your emailaddress. You can imagine your emailadress as your last wall of defense. If anybody is able to get into your emailaccount you used for facebook, okpay, poloniex,... he can simply use the "forgot password" on all the desired pages. Even if you say: Hey, i have secret questions, he can't guess them: That's not true. With a bit google work and/or a bad facebook profile (everyone can see nearly everything) these questions can get solved.
So in our szenario the hacker has taken control of:
- Your emailadress you used for hashocean registration
- Your password you tryed to login on the phising site (for example hashocion.PHISHING), even if its not your master password, it's a password you used!!!
- The hacker/attacker might not be able to take control of all emailaccounts, but he will be able to hijack atleast a nice amount of the emailadresses
- Keep in mind that "forgot password" feature can be used on almost EVERY website!!!
- Worst case: your mobilenumber with active two factor authenticator. I am not 100% sure how this can be done, but it is possible to setup a "fake" google auth with your phonenumber so google auth thinks that this is rly your phone!
I hope this made the situation more clear about.
This "warning" isn't only for hashocean: If you want to login to a page, and you see: hm, normally it is PAGE.com and now its PAGE.io ======>>>>> DOUBLE/TRIPPLE/QUADDRO/PENTA check if this is just a different domain pointing to page.com or if this is a new, infected/phishing sate.
