Bitcoin Forum
Author Topic: Possible Compromised Laptop With Seed in Password Manager?  (Read 603 times)
jerry0 (OP)
December 14, 2021, 06:52:47 AM
 #41

How do you protect yourself in these situations?
Don't use Windows. Keep your Linux OS and browser software up to date. Don't use Chrome. Don't use Google since they happily accept money from scammers and criminals to promote their ads. If you aren't using Tor, then use Firefox and install uBlock Origin, HTTPS Everywhere, and NoScript. Don't browse for random things on the same computer you are using to secure your bitcoin. Don't download random files.

It wasn't even a link, it was an answer to a question on Google where I thought it would just open up an answer... the link opened up. Then I did a virus scan on Windows scan and it found a lot of threats.
Lots of threats? It sounds like your machine has been infected for a while and you were just unaware up until now.


Well the reason I use Windows is because many programs I use... use Windows. A while back I considered buying a MacBook laptop even though it's expensive but then I found out a lot of programs I would use are not compatible with Mac. Isn't that an even bigger issue with Linux?


I had no idea Chrome was not recommended. Years ago I used Firefox and then switched to Chrome. I heard of Tor... but never used it because I don't know anything about it. I never even heard of uBlock Origin. The only thing I heard of is Adblock Plus which is what I use with Chrome.


I normally do not use the same computer I store my coins and web browse. I have a Chromebook for that. But issue here is I was web browsing... and that link opened up from Google on my computer. That has never happened before when you check an answer to a question. I did not download any random files ever on my computer. I only visited the site.


So which is the best browser you recommend then? I heard of Brave and Microsoft Edge. But make sure you use uBlock Origin with it? Is it better than Adblock Plus? The HTTPS Everywhere and NoScript... I never heard of this. So these two programs would prevent any malware on the site you visit?


The thing is this laptop of mine still will be my main laptop whether I clean reinstall or not.  So the best suggestion is just clean reinstall it?  So don't open up any files up?  Is entering my password manager password a very bad thing to do?  But what if I moved all my coins and changed my passwords for the important things?


So do you recommend Kaspersky Total or Bitdefender and it checking for everything and see where I can go from there? I know the safest thing is just clean reinstall it... but my issue is I didn't make backup of it. I do have some files transferred to a USB a while back.
jerry0 (OP)
December 14, 2021, 06:57:43 AM
Last edit: December 14, 2021, 05:26:45 PM by achow101
 #42

Then I did a virus scan on Windows scan and it found a lot of threats. Then how in the world do you protect yourself when googling things then? I mean are you supposed to inspect every single site you want to visit? So imagine you're looking for cooking recipes and found a bunch of sites... you have to make sure it's a cooking recipe site?
I don't understand why you've made it such a big deal. A computer that does not have firewall protection is more vulnerable to being compromised. Just turn on your anti-virus, it will detect malicious sites and files. It's not recommended to keep bitcoins in such a computer that connects to the internet either way.

You said you have a hardware wallet? What stops you from using it?



I am pretty sure my Windows Defender had firewall protection on. My Windows Defender and Malwarebytes were on the entire time when I clicked on the link. Again, the Windows scan detected tons of threats when I did a scan right after I clicked on the link. My concern here is I stored seed in the password manager in the computer. So if it could read my seeds from my password manager, that is not good.


I have a hardware wallet. But some of my coins are not compatible with the hardware wallet. So I have those software wallets on the computer. There isn't an option for some of the coins I have because you can only use software wallets for it. But the issue is I wrote the seed down in the password manager.



How do you protect yourself in these situations?
Don't use Google
This is a big one for me. When I stopped using Google, it delivered better results than the alternatives, but I still switched for privacy reasons. However, recently I sat at another person's PC, which used Google by default and man, those results are hideous. Not only are the first few results ads; but also visually pretty well disguised. And lots of the actual results are totally trash and obviously paid to get those high rankings. While not actually being labelled as ads at all!
I can see how it's easy to misclick on some of those when looking for innocent stuff.

However - and I'm making an assumption here - it also depends what you're searching for. While this should all be common sense, obviously when looking for example for cracked software and other kinds of piracy, the probability is higher that someone is going to try to grab your money another way. I sincerely doubt you will get scammer links when sincerely looking just for recipes or technical questions online. Of course I can only judge this as someone using DuckDuckGo and Startpage; it's possible that Google will show you scam links in top positions when looking for recipes. But on the engines I use, I would almost guarantee the results are clean.

Also, after a while on the net, you should already see from the URL if it's something familiar, normal-looking or if it looks fishy. Like, the actual domain name, for instance. Above all search results (also in Google; just checked via Incognito window), you see it; and you also see the whole link when hovering.

Long story short: this should all be considered standard, basic precautions when surfing the web; but I guess some people don't want to bother. Then it's on them.

I also agree that a few extensions like uBlock Origin and HTTPS Everywhere are advisable; some scammer sites don't get a certificate (or don't want to - since usually proof of ID is needed) and Origin removes some scammy shit like ads on Google by default, I think. Depends on your lists. Of course also great for privacy due to tracker blocking, but that's another story.

You said you have a hardware wallet? What stops you from using it?
He already said that he invests heavily in shitcoins so shitty that Ledger doesn't even have apps for them in their list of 1300+ coins.
It also seems like he just has a ton of different coins and I just discovered the other day that you can basically just install a handful of coins onto a Ledger Nano S, even if it 'supports' hundreds.
It's totally misleading that Ledger writes on their websites how Nano S is supporting 1100+ coins and up to 6 apps installed on your device, but in reality you can't install more than 2 or 3 apps.
Yes I do have a Nano Ledger. The issue is a lot of the coins I have and the seeds, they do not support the coin. If they did, I would transfer every single coin of mine that has a seed phrase into Nano Ledger.

To be honest, if you're dabbling with these kinds of coins; while it's not my topic of interest, from what I know, these are used as very-short-term investments. Meaning, you buy a bunch, if they skyrocket, you insta-sell and then go to the next one. So, while I'm super duper pro-cold storage, hardware wallets, and all that; it may be financially smarter to keep them on an exchange so you can sell quicker. It also seems to me that a (reputable!!!) exchange might even be a safer custodian of those coins than someone keeping the seeds in the password manager.
Just an idea.



I had no idea using Google is bad. I've been using it for years. Yes I heard a lot of scammer sites appear on Google with those ads. So which search is the best to use then? You say DuckDuckGo and Startpage. So are these the best two? I always used Google because it was simple and clean looking site etc. Yeah, it's very easy to misclick stuff on Google.


Well if you look for an answer to a technical question... how would Google not post a bad site at the top? Imagine say you want to find a link to an actual copy of Windows from Microsoft or a driver and then find it but it was some scammer getting that link to the top of Google. Then aren't you screwed when you search for it and click on it? Yes the food recipe thing I mentioned... I'm saying surely it's possible for someone to post something like that? Imagine looking for food recipe and then it opens up to be an ad for crypto and it might be malware etc.


What do you mean check incognito mode on Google the link... you will see. Can you explain what you mean by this exactly?


You say

uBlock Origin and HTTPS Everywhere are advisable

So download both of these programs into your browser then? So what about Adblock Plus? That is what I use for Chrome and thought that is good for it.


So the ideal setup is which web browser?  And having both of those two things you mentioned?  But that will protect you from almost everything?
o_e_l_e_o
December 14, 2021, 09:12:50 AM
Merited by n0nce (2), ABCbits (1)
 #43

I just discovered the other day that you can basically just install a handful of coins onto a Ledger Nano S, even if it 'supports' hundreds.
Slightly off topic, but that's simply how many apps it can support at a time. You can freely delete and install apps without affecting your private keys or coins. I could install the bitcoin app, send bitcoin to the Ledger wallet, and then uninstall the bitcoin app to install something else, and when I later reinstall the bitcoin app a month or more later, my coins will show up just fine.

Isn't that an even bigger issue with linux?
Depends what programs you want to use. There are free and open source alternatives to the most common Windows packages, such as LibreOffice and GIMP. You can use Wine to run most Windows programs on a Linux machine. If you absolutely must use Windows for something, then you can always dual boot or have a separate Windows device.

I had no idea Chrome was not recommended. Years ago I used Firefox and then switched to Chrome. I heard of Tor... but never used it because I don't know anything about it. I never even heard of uBlock Origin. The only thing I heard of is Adblock Plus which is what I use with Chrome.

So which is the best browser you recommend then? I heard of Brave and Microsoft Edge. But make sure you use uBlock Origin with it? Is it better than Adblock Plus? The HTTPS Everywhere and NoScript... I never heard of this. So these two programs would prevent any malware on the site you visit?
Here is your problem - you have no idea regarding what constitutes good security or good internet practices. I suggest you do a lot of reading. Chrome is terrible, Edge is terrible, Brave is terrible. No, HTTPS and NoScript aren't some magical shield which will prevent any and all malware from accessing your computer. Such a thing does not exist, and the fact that you keep asking for one piece of software to keep you completely 100% safe just goes to show that you don't really understand computer security.

Again, the Windows scan detected tons of threats when I did a scan right after I clicked on the link.
It is incredibly unlikely that clicking on a single link has resulted in "tons of threats" on your machine. As I said above, your security practices are so poor that I suspect you have been infected with multiple pieces of malware for a period of time and you have just been unaware until now.

Move anything you can to your Ledger, and any coin/token so small and unknown that you can't store it on your Ledger then find a separate device which you don't go clicking random links on to download a software wallet to (or, you know, just sell it for bitcoin).
Pmalek
December 14, 2021, 10:19:41 AM
 #44

He already said that he invests heavily in shitcoins so shitty that Ledger doesn't even have apps for them in their list of 1300+ coins.
I can't help but wonder what kind of coins and tokens those are. The majority of shitcoins are Ethereum-based, so he can just keep those on his Ethereum address on his Ledger. Maybe he doesn't know that and I wouldn't be surprised if he didn't.

...I just discovered the other day that you can basically just install a handful of coins onto a Ledger Nano S, even if it 'supports' hundreds.
Even that is an overstatement right now. That handful is now 2 standalone apps, 3 if you are lucky (but I doubt it). You can still install a bunch of dependent apps that are forked off the standalone app. For everything else, you have to rely on installing/uninstalling to work with an app you need at that moment in time.

BlackHatCoiner
December 14, 2021, 04:12:53 PM
Merited by Pmalek (1)
 #45

This is a big one for me.
Besides not using Google, I find not using Windows equally difficult. I agree with all the privacy advantages and similar you may gain by using a Linux OS instead, but that isn't enough to make me a Linux user. I've been a Windows user since I was a child. I've used in their terminology and as much as I've tried replacing it with Linux, I've failed.

So, if someone like Jerry faces such issues, you can't just tell them to use another operating system if they've used to use Windows their entire life. I find the following post very relevant:

All OSs are vulnerable to malware and phishing attacks.  The only way to avoid being victimized is to educate yourself, and be diligent.  The OS you choose will not save you from mistakes.  

I've been using computers since Commodore 64s were all the rage.  I used Apple IIs and the first generation of Macs when I was in junior high and high school.  My first version of Windows was 3.2, and I've used every version since, including enterprise versions and some server versions.  Currently I use Ubuntu for a variety of tasks, and most of my servers run a version of Linux.  My daughters prefer Macs, so I've had a couple of those around the house for the last decade as well.

Those of us who have industrial engineering jobs, those of us who use CAD to earn our living, those of us who must interact with other people around the planet who use Word, Excel, PowerPoint, and the like... How hard would we be making our lives trying to contribute while using some buggy shitware? All the best quality and most practical business and industrial software is written for Windows, and only Windows. So yes, my main personal computer is built to run Windows, and that's the only way I'll have it. Not because I don't know what else is out there or because I don't know how to use anything else. It's because I like it, it works great for my needs, and it's been quite safe when I do my part.

When I say that I find Windows to be among the most versatile, useful, and dependable OSs of all that I've used, it does come from a place of experience.  So, you'll have to forgive me for not taking the advice of some newbie on an internet forum when he says things like "i suggest not using windows."



I can't help but wonder what kind of coins and tokens those are. The majority of shitcoins are Ethereum-based, so he can just keep those on his Ethereum address on his Ledger. Maybe he doesn't know that and I wouldn't be surprised if he didn't.
Not that I like being biased, but he does look like the person who's here only for the quick profit without giving much attention to the potential risks buying shitcoins may have. What to say;

Quote from: Anonymous
Most of the participants are convinced that they are too smart to get off the train before it crashes.

o_e_l_e_o
December 14, 2021, 04:54:38 PM
Merited by Pmalek (1)
 #46

I can't help but wonder what kind of coins and tokens those are. The majority of shitcoins are Ethereum-based, so he can just keep those on his Ethereum address on his Ledger. Maybe he doesn't know that and I wouldn't be surprised if he didn't.
I avoid all shitcoins, so I'm totally out of the loop on this, but aren't there a bunch of other trash centralized coins which allow you to launch your own even trashier centralized tokens on top of them, such as Tron and BSC? Can you store those on a hardware wallet? Might be better to just stick to coins which are hardware wallet compatible if you can't figure out a better way to store the other ones other than to save a seed phrase on your computer. (Although if you can generate addresses for a coin via a seed phrase, then there is no reason that it couldn't be stored on a hardware wallet, except that the developers don't care enough to build wallet software which can do that (which is even more of a reason to dump said shitcoin)).

For everything else, you have to rely on installing/uninstalling to work with an app you need at that moment in time.
I've never understood why people make such a big deal of this. It takes literally 10 seconds to swap apps. Perhaps if everybody wasn't in such a rush they would take the time to double check addresses properly as well.

Besides not using Google, I find not using Windows equally difficult. I agree with all the privacy advantages and similar you may gain by using a Linux OS instead, but that isn't enough to make me a Linux user. I've been a Windows user since I was a child. I've used in their terminology and as much as I've tried replacing it with Linux, I've failed.
There are legitimate reasons to use Windows over Linux. I don't think "Linux is hard" is one of them. If you can use Windows, you can use Linux. I would suggest Linux Mint as a first stepping stone if you are a lifelong Windows user. You will struggle to stumble across an issue which doesn't have a step by step guide to resolve it written by someone in the community.

But yes, much like your bitcoin wallet, your OS is only going to be as safe as the person using it. If you go around saving seed phrases on the same computer you use to browse questionable sites, click on random links, and download random software with no due diligence, then no browser, no OS, no antimalware, etc., is going to protect you.
Pmalek
December 14, 2021, 07:34:33 PM
 #47

I've been a Windows user since I was a child. I've used in their terminology and as much as I've tried replacing it with Linux, I've failed.
I can relate to what you are saying and I am pretty much the same way. All I have ever used is Windows, but I don't go around poking and clicking on everything. I am cautious by nature and that has helped me avoid malware and viruses my entire adult life.

So, if someone like Jerry faces such issues, you can't just tell them to use another operating system if they've used to use Windows their entire life.
No, that would just confuse him even more. I don't think it would be much safer because he doesn't listen and does things his way.

Not that I like being biased, but he does look like the person who's here only for the quick profit without giving much attention to the potential risks buying shitcoins may have.
I really don't know. He doesn't seem that active in the altcoin section and I can't remember he ever mentioned that he participates in bounties.

I avoid all shitcoins, so I'm totally out of the loop on this, but aren't there a bunch of other trash centralized coins which allow you to launch your own even trashier centralized tokens on top of them, such as Tron and BSC? Can you store those on a hardware wallet?
For BSC, you need to install a bridge as far as I know, but yes it should work. I have never owned any BSC so can't tell you much about it. Tron and their TRC10/TRC20 tokens can be stored on Ledger. They do require that you have Tron on the same account otherwise the portfolio seems empty and there are no records of your Tron transactions. I occasionally keep USDT on the Tron network on my Ledger and besides a longer sync time compared to Bitcoin, everything else is ok.

I've never understood why people make such a big deal of this. It takes literally 10 seconds to swap apps.
Honestly, me neither. The reason why I would stop using my Nano S will surely not be because I can't have 3 or more apps installed on it at the same time.

jerry0 (OP)
December 14, 2021, 08:11:45 PM
 #48

Many of the other altcoins I have are not supported by Nano Ledger. That is why I don't have it all transferred there. Previously they were in an exchange and then I downloaded software wallets for it. I do not do trading with these crapcoins. I basically bought them years ago and held them in an exchange or wallet etc. I am not doing any quick trading of any sort.


The reason why I use Windows is because that is all I ever used. Other thing is some programs I use... are not compatible with Windows. So using Linux or Mac won't work for me.


Someone else suggested what I can do is transfer all my files from the possibly compromised laptop to an external hard drive or the cloud. Then wipe my Windows clean and do a clean reinstall. Then when using the new computer scan all those files in a non administrative account and then check to see if there is any malware before copying the files to the new computer. Is there any issue with this? Again I know the easiest thing to do is just clean reinstall my laptop, but I have files there I want to keep etc. But is it risky transferring those files? I know had I done a Macrium Reflect backup, then I wouldn't have had these issues etc.


The other option is downloading Kaspersky Total or Bitdefender and scanning the machine to see what it finds and then remove those threats. And maybe continue using it? Again I am just stumped on what to do because I don't have my full backups.


The big issue here is I have seed stored in my password manager, so if I open it up, if a keylogger is there, then I'm screwed?
BlackHatCoiner
December 14, 2021, 08:21:57 PM
 #49

The other option is downloading Kaspersky Total or Bitdefender and scanning the machine to see what it finds and then remove those threats. And maybe continue using it?
Have less trust in anti-viruses. If your machine has caught anything, then for whatever “cleaning” program you install, you'll never be sure you're safe; I'd say not even close.

What kind of files are those you want to export? Are they just videos, images and wallet.dat kind of files? If that's the case, then just transfer them in a USB, wipe up the drive and re-install your OS. If there are closed-sourced executables included, then I advise against.

The big issue here is I have seed stored in my password manager, so if I open it up, if a keylogger is there, then I'm screwed?
If we assume you copy it, then yeah. A keylogger will detect it. Note that there are screen recording kinds of malware, so just having the seed phrase on-screen on a virus-affected machine is not safe either.



I know we sound fearmongering, but it's the way computers and bitcoin work that makes us, completely justifiably, do.

jerry0 (OP)
December 15, 2021, 12:39:12 AM
 #50

I downloaded Kaspersky Total and am going to scan my computer now. Someone mentioned this is the best antivirus that could find malware/trojan and keylogger. So if it finds things and removes it, it still isn't safe? I read Kaspersky can find like 99% of keyloggers.



The files I want to transfer from the laptop are Microsoft Word/Excel files. But also some videos and pictures as well.



Also there is something I forgot to mention but not sure if it is that important. I mentioned when I clicked on the link, my password manager was opened during that time. Then I closed it. I am actually still logged into my emails on my Chrome browser during this time. So if I visit the email site now, well it goes straight to my email. So if my computer was compromised, wouldn't they be able to send emails and things like that already? However, if you want to change your email password, they need the current password so unless I type it in again, they don't have it?
jerry0 (OP)
December 15, 2021, 04:26:15 AM
 #51

So I did the Kaspersky scans... all of them... full scan, vulnerability scan and background scan. It found 0 threats. So what are your thoughts on this? From what I read, Kaspersky Total is one of the best virus programs out there.


So does this mean most likely I do not have any malware/trojan/keylogger then? So Windows Defender had removed it earlier?


Yeah, the thing is if I had a recent Macrium Reflect image backup... I was told a while back this is when you do a backup of your entire hard drive and copy it to an external hard drive... and basically whenever you want to do a clean reinstall, you do that... then when you copy from this backup image in the external hard drive, it will make your cleaned laptop look exactly the same as how it was when you saved it. But I did not do this. Thus I don't want to clean reinstall because if I do, then I have to download all the programs again etc. But the main issue is a lot of my files are not transferred from it yet. And if I transfer it... I risk it being infected right? However, Kaspersky did not find anything.
Pmalek
December 15, 2021, 09:03:54 AM
Merited by BlackHatCoiner (2)
 #52

We keep going around in circles all the time. It comes down to this. You are not going to delete those files and most probably you aren't going to reinstall your OS either. So just keep them and do whatever you want.

Your computer has already been infected for who knows how long. Maybe it wasn't anything serious and your AVs picked up tracking cookies, but maybe not. You are too confident in the performances of AV software. Those are just pills and antibiotics that you take WHEN YOU ARE ALREADY SICK. You need to take precautions not to get sick in the first place.

If you believe your computer is now safe, keep using it.
If you don't think so, reinstall your OS and start fresh.

Are we going to discuss this several months until you make a decision?

jerry0 (OP)
December 15, 2021, 08:29:23 PM
 #53

Okay I will clean reinstall it.  But before I do this, what do you recommend I do first?


Again my issue is I have a lot of files that I need to copy/paste to an external hard drive. How do I know these files are not infected? Again Kaspersky Total scanned my entire laptop and it found nothing. I ask this because say after I do a clean reinstall, then when I transfer these external files back, how do I know for sure they aren't infected before I transfer these files?


Then with all the programs I have installed... just write down every single program name I have installed so I install it again after I do the clean reinstall right?
Pmalek
December 16, 2021, 08:57:30 AM
 #54

How do I know these files are not infected?
You don't. You can't be 100% sure of it. That's what we have been trying to tell you.  

I ask this because say after I do a clean reinstall, then when I transfer these external files back, how do I know for sure they aren't infected before I transfer these files?
It's the same question as above but asked differently. If you introduce malware-infected files to a system with a clean virus-free OS, you are bringing malware onto that new setup, assuming there is some malware. 

Then with all the programs I have installed... just write down every single program name I have installed so I install it again after I do the clean reinstall right?
Are there that many essential pieces of software that you have to write their names down on a piece of paper? Just install the things you need on a daily basis, not everything that's been sitting on your PC for years. Another thing, computer programs can also come with malware, adware, spyware, whatever. Especially if you are dealing with pirated software and torrents.
Don't install unnecessary bloatware on a system that handles your crypto and private keys.

n0nce
Hero Member
Activity: 882
Merit: 5818
not your keys, not your coins!
December 17, 2021, 04:53:22 PM
Merited by Pmalek (2), BlackHatCoiner (2)
 #55

This thread is going nooooowhere :D It's kind of hilarious and sad at the same time, sorry Jerry for saying this. But you're also losing people's time (sometimes even seems intentional) so I guess it's fine that I get some fun out of it as well.

Asking for something actually answered in the quote above it? Check.

How you do protect yourself in these situations?
Don't use Windows. Keep your Linux OS and browser software up to date. Don't use Chrome. Don't use Google since they happily accept money from scammers and criminals to promote their ads. If you aren't using Tor, then use Firefox and install uBlock Origin, HTTPS Everywhere, and NoScript. Don't browse for random things on the same computer you are using to secure your bitcoin. Don't download random files.

~~~

So which is the best browser you recommend then?  I heard of brave and microsoft edge.  But make sure you use ublock origin with it?  Is it better than adblock plus?  The https everywhere and no script... i never heard of this.

The still ongoing, hopeless search for a 'magic pill' software that makes you 100% safe, without following basic precautions (which does not exist):

So these two programs would prevent any malware on the site you visit?

So do you recommend kaspersky total or bitdefender?

So which search is the best to use then? You say duckduckgo and startpage.  So are these the best two?  I always used google because it was simple and clean looking site etc.  Yea its very easy to misclick stuff on google.

So download both of these programs into your browser then?  So what about adblock plus? That is what i use for chrome and thought that is good for it. 

So the ideal setup is which web browser?  And having both of those two things you mentioned?  But that will protect you from almost everything?



Imagine say you want to find a link to an actual copy of windows from microsoft or a driver and then find it but it was some scammer getting that link to the top of google.  Then aren't you screwed when you search for it and click on it?  Yes the food recipe thing i mentioned... im sayin surely its possible for someone to post something like that?  Imagine looking for food recipe and then it opens up to be an ad for crypto and it might be malware etc.
This is why I recommend Linux or even macOS. I myself use all platforms, professionally and personally, it depends. But I do feel it's easier to unintentionally download malware on Windows. Sure, you can operate Windows machines for decades without issues. But compared to macOS, especially people who have little idea about what they're doing, will be more secure downloading stuff from an 'AppStore' or package manager than having to web search for it.

It's also that in Windows, you're by default root and people are used to installing software with root privileges all the time (maybe unintentionally installing a RAT with all the rights). Also, the much larger market share of Windows vs other OSes on the desktop means that it is financially more interesting to develop Windows malware.

Actually, I believe the safest OS 'for the masses' is not even a Desktop OS at all. Most people will be most secure using a tablet / iPad with a keyboard, probably. All software will need to come from the official 'AppStore', everything's sandboxed, there will be no drivers, no privileges, no .exe's from the web. These days, you can easily work on Microsoft Office documents and manage your photo / video library on a large iPad.

Are they just videos, images and wallet.dat kind of files? If that's the case, then just transfer them in a USB, wipe up the drive and re-install your OS. If there are closed-sourced executables included, then I advise against.
Theoretically, viruses can nest themselves into any file. So you would probably need to virus-check that thumb drive before inserting it into the fresh new PC (without infecting the machine that is meant to virus-check it)... so it does kind of become a cat-and-mouse problem. If I were to design such a virus, I'd probably have it immediately infect the OS / AV in the first place such that it won't detect / flag / delete the virus on the thumb drive.

BlackHatCoiner
Legendary
Activity: 1512
Merit: 7351
Farewell, Leo
December 17, 2021, 06:56:08 PM
 #56

Theoretically, viruses can nest themselves into any file.
How's that? How can you infect my machine by sending me a .txt file? I only know that it's possible for programs that gain access to the sensitive data of Windows such as executables.

It's kind of hilarious and sad at the same time
You may find more “diamonds” if you search their topic history. I mean, this guy is in bitcoin since 2017 at least, and they don't know how to protect themselves already?

n0nce
Hero Member
Activity: 882
Merit: 5818
not your keys, not your coins!
December 18, 2021, 03:54:33 AM
Merited by ABCbits (2)
 #57

Theoretically, viruses can nest themselves into any file.
How's that? How can you infect my machine by sending me a .txt file? I only know that it's possible for programs that gain access to the sensitive data of Windows such as executables.
I'm not 100% sure about .txt, but definitely with images and music files. I read about these a long time ago; here's something I just found through a quick web search from 2002: Perrun virus

Here's also one of many StackOverflow topics about this matter.

I think the two main concepts are to either build an executable that executes a virus & displays a 'dummy' image when executed (double clicked), and naming it something.jpg or to exploit a bug in the image viewer and embed attack code into the file, which is executed when the bug is triggered during image loading.

It's kind of hilarious and sad at the same time
You may find more “diamonds” if you search their topic history. I mean, this guy is in bitcoin since 2017 at least, and they don't know how to protect themselves already?
You're right, 4 years is a long time. Should be enough to get familiar with the topic. To be honest, people should know how to protect their computer, regardless of using Bitcoin or not. Meaning when they do get into BTC, they should already know how to responsibly use their machines and how to protect and backup their data.

o_e_l_e_o
In memoriam
Legendary
Activity: 2268
Merit: 18509
December 18, 2021, 09:23:28 AM
 #58

Actually, I believe the safest OS 'for the masses' is not even a Desktop OS at all. Most people will be most secure using a tablet / iPad with a keyboard, probably. All software will need to come from the official 'AppStore', everything's sandboxed, there will be no drivers, no privileges, no .exe's from the web. These days, you can easily work on Microsoft Office documents and manage your photo / video library on a large iPad.
I think the problem with this approach is that it almost encourages users not to pay attention to their security and not to do any due diligence. We see countless fake wallet apps popping up on various app stores, and users downloading them and using them without a second thought because they wrongly assume Apple or Google have done their due diligence for them.

How's that? How can you infect my machine by sending me a .txt file?
If it is definitely just a .txt file and you only open it with notepad or similar, then you will almost certainly be safe. However, I might send you a file called pgpkey.txt.exe or pgpkey.txt.bat, and since Windows hides file extensions by default, then it would show up as pgpkey.txt. You double click it and the virus runs. Or maybe I send it to you as a .zip or a .rar which you think only contains a .txt file, but has other hidden files in there too. On Windows, I could create a shortcut to some malicious web address and rename it to pgpkey.txt and send it to you. You double click on it, and your browser opens the malicious link. I am by no means an expert, but I'm sure there are countless other ways to disguise a virus as a .txt file.
dkbit98
Legendary
Activity: 2226
Merit: 7121
December 18, 2021, 01:56:07 PM
 #59

This thread is going nooooowhere :D It's kind of hilarious and sad at the same time, sorry Jerry for saying this. But you're also losing people's time (sometimes even seems intentional) so I guess it's fine that I get some fun out of it as well.
Then please STOP replying to this lunatic spam agent jerry007 translated topics/posts, click on Ignore button and don't let him drag you down with all the others.
I am also seriously thinking about ignoring other members who continually keep replying to his empty posts... worse than spam topics and plagiarism we see in Bitcoin section.
I would understand if it happened one or two times, but if it's happening all the time then something is seriously wrong :P

Pmalek
Legendary
Activity: 2758
Merit: 7132
December 19, 2021, 07:28:30 AM
 #60

However, I might send you a file called pgpkey.txt.exe or pgpkey.txt.bat, and since Windows hides file extensions by default, then it would show up as pgpkey.txt. You double click it and the virus runs.
That's why you should always check what type of file you are opening before you actually open it. Instead of double-clicking on it, right click and go to properties. Under the general tab you will see type of file. Even if the file is a .bat or an .exe disguised as a .txt, your system should show you what it really is. Unless those who are creating malware have found a way around this as well, this should work.
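
Added example (not part of any post in this thread): a small Python triage for files being copied to a backup drive, covering the double-extension, disguised-shortcut and extra-files-in-a-zip tricks from post #58 and the "check the real type first" advice in post #60. The function names and the extension lists are illustrative assumptions, and the sample files are constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Types Windows runs or follows on double-click (illustrative, not exhaustive).
RUNNABLE = {".exe", ".bat", ".cmd", ".com", ".scr", ".js", ".vbs", ".ps1", ".lnk", ".url"}
# Types a user expects to be passive data.
PASSIVE = {".txt", ".jpg", ".png", ".pdf", ".mp3", ".dat"}
# Leading bytes that identify the real format whatever the file is called.
MAGIC = {b"MZ": "Windows executable",
         b"L\x00\x00\x00\x01\x14\x02\x00": "Windows shortcut",
         b"PK\x03\x04": "zip archive"}

def sniff(data):
    """Return the format named by the first bytes, or None if unrecognised."""
    return next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), None)

def triage(name, data):
    """Return the reasons (possibly none) not to double-click this file."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in RUNNABLE and len(suffixes) > 1 and suffixes[-2] in PASSIVE:
        reasons.append(f"double extension, displays as {name[:-len(last)]}")
    elif last in RUNNABLE:
        reasons.append(f"runnable type {last}")
    kind = sniff(data)
    if last in PASSIVE and kind in ("Windows executable", "Windows shortcut"):
        reasons.append(f"named {last} but content is a {kind}")
    if kind == "zip archive":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    # Reads each member fully: fine for a demo, cap sizes in real use.
                    reasons += [f"{member} in archive: {r}"
                                for r in triage(member, zf.read(member))]
        except (zipfile.BadZipFile, RuntimeError):
            reasons.append("zip header but archive is unreadable or encrypted")
    return reasons

def demo():
    """Run triage over constructed samples (no real files or malware involved)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hi")
        zf.writestr("readme.txt.bat", "@echo off")
    samples = {"notes.txt": b"plain text", "pgpkey.txt.exe": b"MZ\x90\x00",
               "holiday.jpg": b"MZ\x90\x00", "backup.zip": buf.getvalue()}
    return {name: triage(name, data) for name, data in samples.items()}
```

An empty result only means none of these naming or header tricks was found; it says nothing about a well-formed image or document crafted to exploit a viewer bug, the second case described in post #57.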
