Bitcoin Forum
June 17, 2024, 06:40:21 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Can A Chrome app be a malwware and steal your private keys?  (Read 566 times)
dhru9 (OP)
Member
**
Offline Offline

Activity: 251
Merit: 80


View Profile
November 09, 2020, 09:28:54 AM
 #1

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    Huh

=
Yogee
Sr. Member
****
Offline Offline

Activity: 1554
Merit: 412


View Profile
November 09, 2020, 09:33:16 AM
 #2

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    Huh
There is no need to answer that. You just have to understand that storing private keys online is a HUGE mistake. Avoid depositing to that wallet or immediately withdraw your funds in case you've already done so.

Buy a hardware wallet or use open-source non-custodial desktop or mobile wallets such as electrum. Store your seed phrase and private keys OFFLINE.

edit - I read your story about Trezor. I kind of get it now why you've chosen gmail but storing offline is still the best method. Maybe not under your bed.
TGD
Hero Member
*****
Offline Offline

Activity: 1288
Merit: 620


Wen Rolex?


View Profile
November 09, 2020, 09:44:55 AM
 #3

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    Huh

We have same method of storing private key. LOL. Anything stored online can be hack and that's the cons of the cloud storage. But if we think about it, Everywhere we store it can be steal or destroy, It's either physically or virtually. So for safety precautions, Just encrypt your private key before you store it on Gmail if you really want to put it there.

I've been using Google drive to store my private key/recovery of my trezor for a very long time and so far my funds is untouchable.

Don't mind me | Just checking out here for Duelbits Promotion | Bitcoin 1M | Duelbits no 1
dhru9 (OP)
Member
**
Offline Offline

Activity: 251
Merit: 80


View Profile
November 09, 2020, 09:45:51 AM
Last edit: November 09, 2020, 10:16:27 AM by dhru9
 #4

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    Huh
There is no need to answer that. You just have to understand that storing private keys online is a HUGE mistake. Avoid depositing to that wallet or immediately withdraw your funds in case you've already done so.

Buy a hardware wallet or use open-source non-custodial desktop or mobile wallets such as electrum. Store your seed phrase and private keys OFFLINE.

edit - I read your story about Trezor. I kind of get it now why you've chosen gmail but storing offline is still the best method. Maybe not under your bed.

I look for technical answer from security guy. Your answer is not what i am looking.  And I am a nomad in countries where robbery is common.
YES there is a reason to answer this.  !! Angry  

=
Question123
Sr. Member
****
Offline Offline

Activity: 1624
Merit: 267


View Profile
November 09, 2020, 10:18:16 AM
 #5

Storing your private keys online is very risky because anytime possible that hacker will know it if they hack your device .

We are responsible for the security of our wallet just we make sure that we keep it safe from the hackers because they want to hack it to stole our coins .

You should write or keep your private key onlines or right it down so the hackers will never findout what is your private keys so they will not hack it and your funds is safe .
witcher_sense
Legendary
*
Offline Offline

Activity: 2380
Merit: 4372


🔐BitcoinMessage.Tools🔑


View Profile WWW
November 09, 2020, 10:22:35 AM
 #6

I look for technical answer from security guy. Your answer is not what i am looking.  And I am a nomad in countries where robbery is common.
I live n the nature and the mountains.
 and it's definitely safer bet for me to have it on email in case of all my things robbed I will have another 3k in BTC.
So YES there is a reason to answer this.

It would be safer for you to hide your keys in the forest than trusting Google in keeping something valuable. Google Mail in no sense a secure place to store your keys. They have full access to the information you send and recieve in your emails, your keys will be stored as plaintext on their servers once you decide to put them in there. If there is a malicious admin at Google, for example, they can sweep all your private keys and you have no chance to prove you were robbed. Of course, you can encrypt your private keys before uploading them, but it requires you to store additional keys and still doesn't guarantee you are safe. Literally, it would mean you exhibit your personal information and wait for hackers to crack it for bounty.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Leviathan.007
Hero Member
*****
Offline Offline

Activity: 1624
Merit: 722


Leading Crypto Sports Betting & Casino Platform


View Profile WWW
November 09, 2020, 10:49:19 AM
 #7

When we are talking about security you should remember nothing is completely and 100% safe. Because there is always a way to steal your coins. But, regarding the question you asked, storing private keys online is a huge mistake no matter if you trust chrome or not. many people lost their coins saying 'my bitcoins are hacked' while bitcoin wallet was not hacked itself but the environment they used to store seeds/keys was not reliable. I would recommend you to use offline methods instead of trying any online services, including chrome. However, if you are using windows PC platform, the chrome apps won't have access to the passwords and keys unless you give them permission for that, the only way here is to bypass the user-side permission request.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
finaleshot2016
Legendary
*
Offline Offline

Activity: 1722
Merit: 1007


Degen in the Space


View Profile WWW
November 09, 2020, 10:54:43 AM
 #8

Dude, it's a wrong move that you're putting private keys online. Imagine if all of your accounts got hacked by some anonymous hackers and they've noticed that there are private keys stored in Gmail, probably they will steal it. We can't say that it's safe because there are different ways of hijacking or hacking a specific account especially if hackers knew it stores valuable coins. The only thing you should do is be careful and don't disclose any information about where did you store your private keys.

We have same method of storing private key. LOL. Anything stored online can be hack and that's the cons of the cloud storage. But if we think about it, Everywhere we store it can be steal or destroy, It's either physically or virtually. So for safety precautions, Just encrypt your private key before you store it on Gmail if you really want to put it there.
Even putting encryption on private keys, it's gonna be easy to decrypt it especially when you're using free software for encryption.
dothebeats
Legendary
*
Offline Offline

Activity: 3668
Merit: 1353


View Profile
November 09, 2020, 10:59:01 AM
 #9

I actually got this advice from a forum post in the internet and have actually used it ever since: always have an ounce of doubt on apps that came from unknown sources. If your app came from verified, reputable sources such as the App Store or Google Play Store (for mobiles) and verified websites for your PC apps, you're good to go. Then again, the issue here is not the app as you've mentioned that you're keeping your private keys on your email. You might want to take a look at the security of the passwords that you're using and whether or not you have other means to secure the account like two-factor authentication.

Any app created in this day and age can have the potential to be used against its user to snoop and collect data and inflict malware on your PC. Observing extra care when downloading apps online would be your first line of defense to ensure that you are not gladly taking in software that will harm you.
milani
Sr. Member
****
Offline Offline

Activity: 1092
Merit: 254


View Profile
November 09, 2020, 11:01:22 AM
 #10

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    Huh

It is a pity, that you disregard the fact that every online app or service is not protected and too vulnerable for hack attacks. Of course you shoukd not keep your private information there - especially keys or passwords to wallets. You should remember this rule like your name or date of birth. Everything is good till nothing bad has happened. So it is better to to be safe than sorry about your lost assets.
dhru9 (OP)
Member
**
Offline Offline

Activity: 251
Merit: 80


View Profile
November 09, 2020, 11:10:38 AM
 #11

This forum useless no one answer I need.  I ask about random chrome extnetion abilities to read emails.

=
barto123
Sr. Member
****
Offline Offline

Activity: 650
Merit: 321



View Profile WWW
November 09, 2020, 11:12:00 AM
 #12

Malware is being written to find 12/24 words.

This is a terrible idea. Please level-up your security game.

Get a coldcard/seedplate & air gap that shit. Add some multi-sig or passphase too (aka 25th word)

There's going to be so many attacks on people who have this level of security.

Strive for the best security you can, Bitcoin is going to go up a lot - you definitely want to sort it out ASAP.

Also, CoinJoin/Lightning your BTC on TOR too using Wasabi. Privacy will only become more important as time goes on.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Lucius
Legendary
*
Offline Offline

Activity: 3276
Merit: 5723


Blackjack.fun🎲


View Profile WWW
November 09, 2020, 11:13:15 AM
 #13

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    Huh

The only way for malware to read the information on your email is to have your email hacked. If you install malware that has the function of a keylogger (records everything you enter via the keyboard), then you will compromise your e-mail password, which will allow the hacker to access your e-mail and gain possession of all the information contained there. The way you store your private keys is definitely very risky, and you should consider at least encrypting sensitive information you store online.

Google Chrome is a very popular browser, which means that it is constantly targeted by hackers. Examples from the recent past testify to this.

https://www.cnet.com/news/google-gooligan-accounts-hacked-malware-trojan-horse-gmail-play-drive-photos-docs/
https://threatpost.com/500-malicious-chrome-extensions-millions/152918/
https://threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
DdmrDdmr
Legendary
*
Offline Offline

Activity: 2352
Merit: 10854


There are lies, damned lies and statistics. MTwain


View Profile WWW
November 09, 2020, 11:32:51 AM
 #14


<…>
In February of this year, Google has to remove around 500 Chrome extensions from the store. Many of them were Ad related, but others were malicious, and could redirect the traffic to a malware based site with phishing or rouge links to malware downloads.

A couple of months later, Google has to remove a batch of 49 Chrome extensions that were specifically targeting crypto wallets.

Chrome apps require you to give them certain permission to operate, but people tend to give them whatever they ask for without question. Consequently, it’s feasible for an extension to oversee your activity, log and resend information to a hacker.

See:
https://www.zdnet.com/article/google-removes-500-malicious-chrome-extensions-from-the-web-store/
https://www.zdnet.com/article/exclusive-google-removes-49-chrome-extensions-caught-stealing-crypto-wallet-keys/
blockman
Hero Member
*****
Offline Offline

Activity: 2954
Merit: 627


Vave.com - Crypto Casino


View Profile
November 09, 2020, 11:36:09 AM
 #15

Yes, a chome app that contains malware can read or open your email. Delete it. Don't store your private keys into your gmail or another cloud service or provider. That's not a wise thing to do. And if you're a person that likes downloading extension apps to your browser, make sure that you know the source because they can contain malware which can access your entire personal computer. Just for your sake and private keys, it is best to store it and write it.

██████
██
██
██
██
██
██
██
██
██
██
██████
██████            ██████
 █████            █████
  █████          █████
   █████        █████
 ████████      ████████
  ████████    ████████
      █████  █████   
    ████████████████
    ████████████████
        ████████     
         ██████       
          ████       
           ██         
AVE.COM | BRANDNEW CRYPTO
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀.. CASINO & BETTING PLATFORM
██████
██
██
██
██
██
██
██
██
██
██
██████
██████
██
██
██
██
██
██
██
██
██
██
██████
🏆🎁
██████
██
██
██
██
██
██
██
██
██
██
██████
██████
██
██
██
██
██
██
██
██
██
██
██████
████████████████████████████████   ████████████████   ██████
.
..PLAY NOW..
.
██████   ███████████████████   █████████████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██████
Darkelf11
Member
**
Offline Offline

Activity: 509
Merit: 43


View Profile
November 09, 2020, 11:50:15 AM
 #16

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    Huh

Why do you store your private keys in your gmail? First of all, aren't you aware that google have its own access with what we store in our google accounts? It is much better if you store it on a paper than storing it online which is obviously can be accessed by anyone. If you install from untrusted website it is possible that it contains malware that may access your private information like emails and passwords. Everything that is stored on your pc can be accessed by these malwares. I think it is a wrong move to store important information like that in an online platform like google mail.
rodskee
Full Member
***
Offline Offline

Activity: 2408
Merit: 202


★Bitvest.io★ Play Plinko or Invest!


View Profile
November 09, 2020, 11:50:57 AM
 #17

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    Huh
never trust Online account to store any keys that has your cryptocurrencies because that is very prone to hacking mate,
Internet is an open place where experts can easily enters your accounts and find things that valuable to them without you even noticing this.

So much better to write it down in paper and leave in your room(of course in safe place and with no one knowing you are having those)
or put it in some place where no one will even know or expect that your keys are in there.

bitbunnny
Legendary
*
Offline Offline

Activity: 2912
Merit: 1068


WOLF.BET - Provably Fair Crypto Casino


View Profile
November 09, 2020, 12:02:44 PM
 #18

I don't think that Chrome app itself can be malware but it can get infected with different types of malware. Private keys are very sensitive data and it's not recommended to be stored anywhere online, in any app or database that can be easily hacked or breached.
People very often go for solutions that are convenient for them but don't pay enough attention to security and that is why so many incidents happen.

suzanne5223
Hero Member
*****
Offline Offline

Activity: 2660
Merit: 651


Want top-notch marketing for your project, Hire me


View Profile WWW
November 09, 2020, 02:00:29 PM
 #19

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    Huh
Yes, there have been an issue of some on chrome webstores to be use for phishing attack and I want to understand that login your wallet on a connected computer have expose your wallet not to talk of saving your wallet private information in email or any online activities.
We have a high ranking user of this forum that once lost his holding doing the samething.
So weeks ago I lost over 20k USD in Crypto.

I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.

If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.

Again be very careful with security, If you keep anything online then you're putting yourself at risk.

noorman0
Hero Member
*****
Offline Offline

Activity: 1764
Merit: 694


[Nope]No hype delivers more than hope


View Profile WWW
November 09, 2020, 05:05:46 PM
 #20

Malware can infiltrate your computer even if you are not a chrome user, including recording your activities when accessing Gmail using another browser. The threat of malware can also occur to Android users, where the virus attacks the Google account and remains active in a "background process".

I also remembered the problem of my yahoo mail account, where all old messages were deleted without notification. Although this has nothing to do with malware, it could happen to gmail.

In conclusion, storing PKs in Gmail is a bad choice and there is no reason to deny it.

This space for rent.
Available in mid January 2024 - PM me
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!