Computer and Phone Security Questions

[jerry0]

Use a windows laptop as my main pc for doing anything important.  This would include using ledger live and any other software wallets that i have.  Also would be email, logging into crypto exchange websites etc.  i try my best to not visit sketchy websites on my windows pc.  Use a chromebook to web browse and browse forums that could be sketchy and just web browsing etc.  So anything i download to my windows pc, i try my best to be careful such as verify downloads like with electrum.




On my phone, i check emails and youtube etc.  Also have those two factor authenticator apps on it when i use it to visit sites like coinbase etc which would ask me for that code in order for me to log in etc.  i do web browse on it but i try my best to not visit websites that i have no clue about.  i do not have any software wallets on my iphone at the moment.




Now i know browsing safely and not checking or clicking on shady websites or emails will protect you from malware/keylogger/virus etc.  But what if you accidentally go to a website or click on a link on your pc or iphone?  For example last time i had someone email me a document to my dummy email address and then i opened it on my phone.  Made mistake of not checking the dummy email and opening the document on a chromebook.  Now i am not concerned about that person sending me anything malicious but my concern is more so that person's pc or phone might have malware/keylogger and when they send me that document and i open it... then i could get malware/keylogger/virus. Can someone here explain how i would find out if my pc or iphone is safe from malware/keylogger?  Also i pay for antivirus... kaspersky total.  Previously had used the free windows defender antivirus.  




What i then did was login to my dummy email on my neighbor chromebook and download that file document to the chromebook.  My concern is my neighbors chromebook.. he bought it refurbished a while back... so could chromebook have malware?  Even if it does, would it even affect this situation since that document never was opened on my main windows pc?  i had to make changes to the document on the chromebook and then saved revised copy of the document.  i then sent that revised copy to my dummy email address while logged in the dummy email. i then went to a local print shop and logged into my dummy email in order to print the document out.  Once i did that, i took photos of the document on my iphone and saved it to my iphone.  Then while logged into my primary email account on my iphone, i then sent that document to my primary email address... thus sending the email document to myself.  Once i did that, i went to my main windows pc and logged into my primary email, and downloaded that document sent from my iphone. Then i had to create an email and attach this document to the email and then i sent it to someone.  



My question now is... is my windows pc still safe or not?  The reason i ask this is because even though i went through that whole process of having the original document sent to my dummy email address opened on my windows pc... well i made a mistake of using my phone and opening the preview of the document on the dummy email account on my iphone.  So if my phone got malware/keylogger/virus from opening the attachment on my iphone... well me taking picture of the revised document on my iphone and saving it and then sending it to my primary email address and then opening and downloading that revised document on my main windows pc before sending it to someone else could infect my windows pc right?  Thus imagine someone's device has malware and they send someone else a document to open... but even though that document isn't specifically infected... it can because the person sending the document's device is infected?  So any file sent from someone with an infected device could infect others or not?  Because had i not previewed the document sent to my dummy email on my iphone, then there is zero concern right of any malware/keylogger etc since both my iphone and windows pc would have no malware etc

[1714906012]

1714906012

[1714906012]

1714906012

[1714906012]

1714906012

[1714906012]

1714906012

[jerry0]

So how do i make sure my iphone is malware/keylogger/trojan free?  i do not want to wipe it clean and start new.  Thing is now im concerned about downloading any wallets on this phone as i want to maybe use a mobile wallet.  is that safe or not?  On a new phone or wiped clean, there obviously is no issue.  Kaspersky Total is enough to check my windows pc right or not?



The other thing is im concerned now about logging into my coinbase and gemini app on my iphone.  Because if i have malware/keylogger/trojan on phone, isn't it risky typing in my password to log in?  However, i do use two factor authenticator like authy or google authenticator but both these apps are on the same iphone.  So if my iphone has malware/keylogger, could a hacker literally see me typing in my password but also they see what the 6 or 7 digit code is each time when i log into my coinbase or gemini account?  Or that won't work because once i enter the 6 or 7 digit code, they can't and need a new code?



So logging in coinbase or gemini would not be a concern on my windows pc then... assuming only the iphone has malware/keylogger?  Because if you have a password manager on your phone and say it has malware, wouldn't the hacker have access to everything you type on your phone then?  But i heard its very hard to get malware or virus on ios though with iphone?  Anyone have experience with this?  

[jackg]

You've written quite a lot (and not said things like how you previewed the file or how you edited it)...


To get malware from a document you'd NORMALLY have to enable macros at the very least.

Enabling editing and getting a virus from that would likely give you a good enough number of tells.

Opening a preview on your phone is probably harmless too. I don't think there's anything a pdf can do to cause much damage (and I'm assuming this is how a preview would've been rendered as iPhones can't view odt or doc formats afaik).

[jerry0]

What about opening preview on laptop?

[mk4]

Man, that's a lot lmao. Sorry but ain't no way I'm going to answer every single one of that.

Here's what I'll say:

1. Just wipe everything if you aren't sure; just to be safe, and just so you can sleep better. We can't really know for sure either unless we actually have access to your devices.
2. Change your account passwords, use 2fa, and don't re-use passwords.
3. Antivirus/antimalware aren't that effective. Haven't used one for like 5 years and my devices are fine because I'm cautious.
4. Seriously, just buy a hardware wallet.

[Upgrade00]

My question now is... is my windows pc still safe or not?

Virus and malwares are constantly changing and evolving, so while the chances are slim of having contacted one of either from previewing the document with your phone and PC, they do exist. So, by all means, you can do a full sweep to be extra sure your devices are not compromised.

Also, segregate how you store sensitive information. Large amounts of cryptocurrencies should be in a hardware wallet or an airgapped device. Other sensitive data could be in separate drives, so even if your devices get compromised, that invader cannot access your important data.

[gagux123]

I would like to give you some advices that can help you and increase your security.

• If possible, have a specific computer for transactions and use only for crypto assets. Do not access anything with this device (desktop or laptop)

• Use 2FA

• Avoid accessing platforms/web sites in a public internet, because you can may be redirected to a fake site and suffer some phishing scam

• If you receive an email saying that you have to update your registration data from some exchange, do not click, you may be falling into a phishing, the same applies to updating your seed, if you receive an email from Ledger or Trezor for example!

• Use a hardware wallet

[Lucius]

What about opening preview on laptop?

How about you finally start reading what people write to you and start applying what you read? We all need to be careful when it comes to our devices, but we can't and shouldn't turn into paranoid characters who can no longer open a browser or log in to e-mail in fear that someone will hack us.

Buy one of the top antiviruses/antimalware + firewall and don't download suspicious files and you will be quite safe with the use of the hardware wallet you have. You can also use smaller amounts in the hot wallet on your smartphone, but also follow the rules that apply to a personal computer.

[PrimeNumber7]

Opening a preview on your phone is probably harmless too. I don't think there's anything a pdf can do to cause much damage (and I'm assuming this is how a preview would've been rendered as iPhones can't view odt or doc formats afaik).

What about opening preview on laptop?

Even previewing a potentially malicious file is generally not a good idea on a phone or a laptop. While "previewing" a file will generally mean that you are looking at the file in a more "sandboxed" environment, there is no guarantee that someone has not figured out a way to get arbitrary code to run when someone "previews" a file.

Can someone here explain how i would find out if my pc or iphone is safe from malware/keylogger?  Also i pay for antivirus... kaspersky total.  Previously had used the free windows defender antivirus.  [/b]

It is not possible to know with certainty that your computer is not infected with malware. If you had antivirus software running when you opened the potentially malicious file, your chances of being infected are lower, but it is still possible that someone infected your computer with malware that your antivirus software did not detect as being malicious. It is also possible that any malware will change the output from your antivirus software.

[NeuroticFish]

4. Seriously, just buy a hardware wallet.

The thing is.. OP does have a HW. But he has a habit of coming with overly newbish questions... on everything he touches.

My question now is... is my windows pc still safe or not?

If you have doubts, you have 2 options:
1. Go to a web page like Best antivirus rescue disks of 2022, pick one, download, burn to CD/DVD and boot from it. Let it update, let it clean whatever it finds (with a big remark that most do find false positives too) and then there's a very good chance you're OK (even if maybe it did find and cleaned unwanted stuff on your windows)
2. Get your computer to professionals to check it (with the risk they'll find out things you may not want to be found)


Some partly off-topic advises:
* if you are this scared because you have a significant amount of BTC on your Ledger, maybe you ask more about how to keep most of that money separately offline so you can sleep better
* if you have questions, it may be a good idea to keep it short. In this case Chromebook is one thing with one way of handling, Android is different, Windows is also different. So you may get mostly partial answers and a great mess in the thread.

[Fivestar4everMVP]

Thus imagine someone's device has malware and they send someone else a document to open... but even though that document isn't specifically infected... it can because the person sending the document's device is infected?

I would say No to this assumption, sending an infected file from an infected device to another device that is not infected will not infect the device I believe.
Malware, keyloggers, viruses are usually a file like, that have to be live or living in the device storage to consider that device infected, though sometimes, this malware and viruses find a way to hide their self In a device storage that it is very hard to tell or differenciate between a real file and a malware without the help of an anti virus software.
The only way an infected device can end up infecting the other device is if everything or file on the infected device is moved or copied to the device that is not infected, which means that in the process of moving or coping, the malware, keyloggers or virus file is moved or copied along without the user knowing it.

This is how I understand the above to work, I might be mistaken, so I am absolutely open to correction.

[jackg]

Opening a preview on your phone is probably harmless too. I don't think there's anything a pdf can do to cause much damage (and I'm assuming this is how a preview would've been rendered as iPhones can't view odt or doc formats afaik).

What about opening preview on laptop?

Even previewing a potentially malicious file is generally not a good idea on a phone or a laptop. While "previewing" a file will generally mean that you are looking at the file in a more "sandboxed" environment, there is no guarantee that someone has not figured out a way to get arbitrary code to run when someone "previews" a file.

I remember I said "probably" at the time because I was thinking specifically about the document being full of links (either clearly displayed as hyperlinks or hidden - like an image being hyperlinked from), clicking on of those and downloading something that could then spread malware/infect your phone.

[jerry0]

So say someone gives you their btc address that they want you to send btc to.  They type it to you on messenger or email.  Now you would then use your mouse to copy and paste that btc address for you to send btc to.  Now is it possible that btc address they post could have malware or not?   i assume as long as you use mouse to copy and paste and as long as it doesn't display any link... then its safe?


i assume a person can't post the btc address like this.... 3b9omwjekw509906jkfjslfs and the moment you copy the btc address or paste it... you somehow get malware right?  Such that a person can't make something that look like a btc address... an actual link that you can click on to get malware?

[PrimeNumber7]

Opening a preview on your phone is probably harmless too. I don't think there's anything a pdf can do to cause much damage (and I'm assuming this is how a preview would've been rendered as iPhones can't view odt or doc formats afaik).

What about opening preview on laptop?

Even previewing a potentially malicious file is generally not a good idea on a phone or a laptop. While "previewing" a file will generally mean that you are looking at the file in a more "sandboxed" environment, there is no guarantee that someone has not figured out a way to get arbitrary code to run when someone "previews" a file.

I remember I said "probably" at the time because I was thinking specifically about the document being full of links (either clearly displayed as hyperlinks or hidden - like an image being hyperlinked from), clicking on of those and downloading something that could then spread malware/infect your phone.

Using the "preview" feature will prevent you from visiting any (malicious) links, however, it is not guaranteed to prevent you from opening malware, including malware that is hidden.

So say someone gives you their btc address that they want you to send btc to.  They type it to you on messenger or email.  Now you would then use your mouse to copy and paste that btc address for you to send btc to.  Now is it possible that btc address they post could have malware or not?   i assume as long as you use mouse to copy and paste and as long as it doesn't display any link... then its safe?


i assume a person can't post the btc address like this.... 3b9omwjekw509906jkfjslfs and the moment you copy the btc address or paste it... you somehow get malware right?  Such that a person can't make something that look like a btc address... an actual link that you can click on to get malware?

If you have raw text, that text is compromised of a bitcoin address, and you copy that text, you will not be exposed to malware.

There is however always the potential that someone will transmit hidden malware to you via whatever means of transmission they send you that address. If someone is communicating with you via a messaging app, or via email, there is the risk that malware is being transmitted to you via that app or via email.

[jerry0]

By raw text you mean like what me and you are typing now right?  No link at all?



So say we are chatting on messenger or i sent you a pm here and type to you 3b9omwjekw509906jkfjslfs as the btc address that i want you to send btc to. 



When you look at the address, it looks like raw text but how can you be sure before you take your mouse and then copy and paste it to your wallet and making sure that btc address isn't a hidden link?

[yourthankyou]

Once i heard from my IT-specialist friend that breaking into computers is super easy for those who are into this topic and no matter how well you protect your devices, if a hacker wants them hacked, nothing will save you  moreover, they steal loads of info and use it latar with not the best intentions