• fartsparkles@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    37
    ·
    edit-2
    8 months ago

    Quite often it’s another payload that installed the browser extension on the user’s host.

    SEO poisoning or malicious adverts, for instance posing as legitimate tools like FileZilla etc, leads to a malicious payload (loader, RAT, etc) that in turn downloads and installs the malicious browser extension.

    Install adblockers. Genuinely. It’s insane how many adverts on Google and Bing etc are straight up malicious. It’s been a problem for years now.

    • Soyweiser@awful.systems
      link
      fedilink
      English
      arrow-up
      10
      ·
      8 months ago

      While this is good advice, as the local ButtcoinMaximalist(tm, OG do not steal) I think this is only pleb protection, you know for the normal people. Butters should do more, be your own bank as they say. So clearly it is ops own fault that he lost his money, he should have setup a IDS which should have warned his SOC that something was wrong and then they should have taken action. Be your own bank! ;)

      But yeah it is amazing how a standard bank protection like ‘it is not possible to transfer huge amounts of cash/assets without additional checks and balances’ would simply stop most of this crime. But that requires centralization. (Google is also bad, and getting worse, I now double check download urls for tools via secondary sources and half the time also virustotal the exe files. But im paranoid).

      • fartsparkles@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        8
        ·
        8 months ago

        But crypto is centralized XD Who pushes the commits? Who builds the binaries? The ledger may be distributed but it’s still all controlled by a centralized entity - the developers.

        • Soyweiser@awful.systems
          link
          fedilink
          English
          arrow-up
          9
          ·
          8 months ago

          Developers with even less oversight than the democratic/economic process. It gets worse when you take into account the people running all the servers/miners etc.