Vipersoftx Malware

Hi there @schwim

It's been said before but it bears repeating: If your computer is compromised by malware, all bets are off.

We would always recommend that customers take advantage of (at least) the built-in anti-malware protection in their operating system, such as Windows Defender, and/or another anti-virus app if they want.

Is there anything to do other than don't click or install suspicious stuff?

In direct answer to your question, "no". Where you said "don't click or install suspicious stuff" is exactly correct. Much of your defence against malware is by being careful about what you install and from where, even before any anti-malware protection is involved. You're the first link in the security chain, after all.

If you think your computer might be running something it shouldn't be, you should immediately lock 1Password. Then, you should run an anti-malware scan and take any appropriate actions based on the results.

If you have the slightest suspicion that your 1Password account details have been compromised, you should change your Secret Key and account password immediately through My Profile on 1Password.com, and Deauthorize any devices that might have been affected.

I'll be here if you have any questions. :)

— Grey

I'm happy that Grey was able to answer your question. 🙂

-Dave

@TOWS

Thank you for your questions. The best defence against malware of this sort is to adopt good security practices. According to various cybersecurity organizations this malware is mostly spread by users downloading cracked or illegal versions of software, a good way to avoid being infected is to always:

1. Only download official versions of software from a developer's website or from a reputable app/web store.
2. Keep operating system protections against malware turned on. For example, on macOS make sure that Gatekeeper is set to only allow applications from the "App store and identified developers".
3. Keep your system updated and don't run old unsupported versions of software. This is especially important for browsers, operating systems, and 1Password itself.

You can also run anti-malware software for further protection. At a minimum, keep Windows Defender on if you're using Windows.

Our team is continually evaluating how we can better protect your data locally on your device. We recently increased PBKDF2 hashing to 650,000 which helps protect you from a brute force attack that tries to guess your account password. And we use the native security features of each platform, such as Secure Input on macOS, to further protect your data as much as possible from malware and keyloggers.

But, at the end of the day, once malware has control of your system 1Password is limited in how much it can protect you from it. That's why it's important to keep your system protected and to only use 1Password on devices that you know are safe.

So, In theory, if I uninstalled the 1Password extension I would be safe from the threat?

Not necessarily. Without the extension you would likely be copying and pasting your passwords from the app thus exposing them to the system clipboard which potentially any other application (including malware) has access to.

The best way to protect yourself is by being careful to always update your devices, to use a strong and secure account password, to not use illegal or cracked versions of software, to not download unexpected email attachments, to not click on links whose destination you're not sure of, and to always install apps and extensions from reputable sources.

how can I tell if a 1Password update for the browser extension is legitimate and not this Vipersoftx Malware impersonating you?

Only install our extension from official browser web stores. The official web store version of our extension is developed and signed by us and is further reviewed by Apple/Mozilla/Google/Microsoft to verify that the extension is legitimate and safe to use. You can find our extension for all major browsers here: Get 1Password in your browser

-Dave

I'm happy to help. 🙂

-Dave