I propose to write a test to the Tools/Clipboard Malware Test:
@ANK1036Official would you mind uploading the virus somewhere (zip it first, not the exe) and link it here so we can test if our test works?
- Copy a random address to the clipboard and if it changes within 3 seconds, then we detected the malware.
With the auto copy feature on, if you are in the receive tab and you press the down button this would be triggered.
What if the malware changes the clipboard only when you paste?
We can distinguish between the two cases. Wasabi knows when it writes the clipboard and when it is just changed externally. Also, another check can be if it is replaced by random content or to a valid bitcoin address. So with these two, we can almost be sure to not scare the user with false positives.
> What if the malware changes the clipboard only when you paste?
It can't. By the time the malware detects the paste event it's too late to replace the clipboard.
> We can distinguish between the two cases. Wasabi knows when it writes the clipboard and when it is just changed externally.
Doesn't matter. When the user clicks on "Test for Clipboard Malware" then Wasabi can expect the user to not use the clipboard or click around anywhere.
Imagine this:
Tools/Clipboard Malware Test
SCREEN 1:
-------------------------------------------------------------
|START TEST|
-------------------------------------------------------------
SCREEN 2:
-------------------------------------------------------------
beep.. beep.. testing.. do not touch anything.. beep.. beep..
-------------------------------------------------------------
SCREEN 3:
-------------------------------------------------------------
CONGRATULATIONS! We've found a clipboard malware on your computer!
-------------------------------------------------------------
@nopara73 but I don't think that this test should rely on user input doing it... it should be checked automatically in the background, if possible.
I agree with you, but it's not possible. We tried to pursue this goal with @lontivero for a long time, but ultimately failed and there were too many issues with that approach. That's why I suggested the manual process. Read back on GitHub btw, it was really early times when only two of us were developing.
More than two years ago I was playing with a similar idea, to implement a built-in clipboard malware mechanism to alert users about possible changes in the content, especially addresses. Here is the PR: https://github.com/zkSNACKs/WalletWasabi/pull/697
I realized that such ideas make no sense because there is nothing you can really do if your computer is compromised. An attacker would simply add something like `if "wassabee" in processes: sleep(4)` and that's all, there goes our awesome solution. The introduction of this feature opens the door to future security features too because someone can tell us how he lost his password-protected wallet because he had a key logger in his system and so on and so on.
Concept NACK.
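The two checks proposed earlier in the thread (ignore clipboard writes made by the wallet itself, and raise an alarm only when the probe address is replaced by another valid Bitcoin address rather than arbitrary content), as an added Python example that is not Wasabi's code and not part of the thread. Clipboard readings are passed in as a list instead of being read from the OS, and `classify`, `run_test` and the verdict strings are hypothetical names.

```python
# Added example; function names and verdict strings are hypothetical.
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def is_base58check(s):
    """Legacy address: 25 bytes, last 4 are a double-SHA256 checksum."""
    if not s or any(c not in B58 for c in s):
        return False
    n = sum(B58.index(c) * 58 ** i for i, c in enumerate(reversed(s)))
    zeros = len(s) - len(s.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return len(raw) == 25 and digest[:4] == raw[-4:]

def is_bech32(s):
    """Mainnet segwit address: 'bc1...' with a valid bech32/bech32m checksum."""
    if s != s.lower() and s != s.upper():  # mixed case is invalid
        return False
    hrp, _, data = s.lower().rpartition("1")
    if hrp != "bc" or len(data) < 6 or any(c not in B32 for c in data):
        return False
    chk = 1
    for v in [3, 3, 0, 2, 3] + [B32.index(c) for c in data]:  # expanded "bc"
        top, chk = chk >> 25, (chk & 0x1FFFFFF) << 5 ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk in (1, 0x2BC830A3)

def classify(probe, observed, own_writes=()):
    """Verdict for one clipboard reading taken after the wallet wrote probe."""
    if observed == probe:
        return "unchanged"
    if observed in own_writes:  # the wallet's own later write (auto copy)
        return "wallet-write"
    if is_base58check(observed) or is_bech32(observed):
        return "address-swapped"  # a different valid address appeared
    return "external-change"  # unrelated content: no alarm

def run_test(probe, readings, own_writes=()):
    """Alarm only if some reading in the test window is a swapped address."""
    hit = any(classify(probe, r, own_writes) == "address-swapped" for r in readings)
    return "malware-suspected" if hit else "clean"

if __name__ == "__main__":  # public test values, not taken from the thread
    probe, swap = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    print(run_test(probe, [probe, swap]), run_test(probe, [probe, "hello"]))
```

A "clean" result only means no swap was observed during the test window.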