• Mii@awful.systems
    link
    fedilink
    English
    arrow-up
    32
    ·
    7 months ago

    Maybe don’t install shady crypto extensions next time. Or don’t log into your wallet in public WiFi just so you can accidentally show off to the person sitting behind you at Starbucks.

    • fartsparkles@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      37
      ·
      edit-2
      7 months ago

      Quite often it’s another payload that installed the browser extension on the user’s host.

      SEO poisoning or malicious adverts, for instance posing as legitimate tools like FileZilla etc, leads to a malicious payload (loader, RAT, etc) that in turn downloads and installs the malicious browser extension.

      Install adblockers. Genuinely. It’s insane how many adverts on Google and Bing etc are straight up malicious. It’s been a problem for years now.

      • Soyweiser@awful.systems
        link
        fedilink
        English
        arrow-up
        10
        ·
        7 months ago

        While this is good advice, as the local ButtcoinMaximalist(tm, OG do not steal) I think this is only pleb protection, you know for the normal people. Butters should do more, be your own bank as they say. So clearly it is ops own fault that he lost his money, he should have setup a IDS which should have warned his SOC that something was wrong and then they should have taken action. Be your own bank! ;)

        But yeah it is amazing how a standard bank protection like ‘it is not possible to transfer huge amounts of cash/assets without additional checks and balances’ would simply stop most of this crime. But that requires centralization. (Google is also bad, and getting worse, I now double check download urls for tools via secondary sources and half the time also virustotal the exe files. But im paranoid).

        • fartsparkles@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          8
          ·
          7 months ago

          But crypto is centralized XD Who pushes the commits? Who builds the binaries? The ledger may be distributed but it’s still all controlled by a centralized entity - the developers.

          • Soyweiser@awful.systems
            link
            fedilink
            English
            arrow-up
            9
            ·
            7 months ago

            Developers with even less oversight than the democratic/economic process. It gets worse when you take into account the people running all the servers/miners etc.