The SurfBar.
-
@vExact yup... this SMS 2FA stuff is a big issue. What are your opinions on 2FAs such as Google Authenticator? - Mine is that this can be dangerous too if the person using it doesn't understand how to use the app, secure backup codes, etc.
-
@k.coins I think google authenticator is quite different and safer, as it doesn't have to do with your phone number (as far as I know) but rather with your google account. It also works if you are not connected to the internet, and as you know it changes every 30 seconds. Problem is if you have a piece of malware on your phone that has access to the camera and makes silents screanshots for the attacker, etc.
But again the most secure options are the ones you have a hardware device using an U2FA like this one
https://www.yubico.com/products/yubikey-hardware/yubikey4/
-
@vExact Then they will also need passphrase and 2fa and if they have malware on pc and phone rip more than just burst balance
-
Guys check out this talk of John McAfee about cybersecurity. The man is completely right. Now you know, don't ever watch porn from your mobile phones! XD
-
@vExact Ha! I just watched that the other day. I found it after watching this video -
which is pretty funny btw.When I saw him speaking on stage though, I started to think he was full of sh*t because his ramblings lacked substance. I mean, he's talking about click bait...
On another note, I've now searched the AppData folder of 4 computers I had running the surfbar and none of them had this logger. Hopefully I didn't catch the infection but is there somewhere else I should be looking?
-
@k.coins yeah, this interview I saw as well, I didn't like too much because of those annoying interviewers :/ But his prediction on BTC cap moving to altcoins is what I found very interesting.
Regarding your question I am not sure, as I never used that surfbar. However you may run one of the softwares that @Focus suggested on the other thread, like this one and check:
https://www.malwarebytes.com/antirootkit/
-
-
@socalguy If you guys really want the surfbar, I'll put it back there, but with a massive "use at you own risk" disclaimer. Lex earned thousands of Burst via the surfbar, but lost millions by being hacked. We'll provide it - but we're not responsible
-for-loss
-
%appdata%/dclogs
-
@haitch No, let's keep it removed for now. Too much risk.
-
@haitch I just checked my roaming folder, that file wasn't there thank God..WOW I could have lost everything because of those hackers.. I am so sorry for all those that lost because of it.. No please don't bring it back, many noobs will lose because of it..for 50 burst a week they better off clicking a few btc faucets.
-
@qibucks shady btc faucets could try the same with you. :/
-
@daWallet oh dear really? that sux
-
@haitch Just out of curiosity, how was it figured that it came from the surfbar?
-
Seems like a guess to me... Lex had been running it but if you look at the post where they were discussing the investigation... I still think the account that had no activity since 2014 (no surfbar back then) sticks out like a sore thumb.
-
@crutsy @lexicon @focus and others found that at some stage the surfbar ads installed a keylogger / web activity monitor. It was grabing keystrokes and copy/pastes from clipboard.
-
Keylogging started at 5th December. Lexicon's first payout from the surfbar was the 4th December. Also another user had malware probably from the surfbar sites some days earlier, too.
@lexicon can elaborate further.
-
Yikes! :/
-
I've been using the surfbar since November I think, on several computers, and none of them had any signs of this logger (dclogs). I'm still not convinced...
-
I'm not trying to rawl anybody up. I too had been running it for a long time and without any issue. It was great for daily income. Not only that it helped with the volume at ccex, who is always threatening to de-list us.
If it indeed came from the surfbar, we can learn from this and how it was discovered tied to the surfbar. If its a guess tho, its like arresting an innocent man. While the real perp commits the crime again.
All in all just looking to learn from this. I would be willing to run a vm and try to replicate it. I think another member was for the same. If we had a few ppl we could see if the ip changes maybe backtrack it a bit.






