Topic: Possibly Phishing Haircomb Wallet & Using of Stock Image (Read 437 times)

copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
to get Haircomb coins.
You have to be careful with such wallets mate, getting some coins is not worth your security. People have lost millions of dollars in crypto due to fake wallets that have malware in them. For example this user lost over $1M worth of crypto because he was trying to claim a forked coin (Bitcoin Diamond) so he downloaded a fake wallet that had malware.

7 months ago, only 3 antivirus detected malware in the wallet. Right now, over 9 of them say the wallet has malware https://www.virustotal.com/gui/file/d998e6a3a532e6a099d0a3ba31640526d9eb67dd07714e4b3b63c48227dce54e/detection


newbie
Activity: 4
Merit: 0
Among the many good wallets around, why did you choose Haircomb Wallet?
to get Haircomb coins.
copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
I am running antivirus now because of computer issues - usb disconnects, lags, freezes while typing in apps. The only thing that I recently downloaded and ran was this haircomb wallet software.
If I were you, I would back up all my important media files and documents, and then carry out a fresh installation of Windows as soon as possible. The people behind the wallet are very suspicious; on top of that, some antivirus engines have flagged the wallet as having some malware.

Among the many good wallets around, why did you choose Haircomb Wallet?
newbie
Activity: 4
Merit: 0
I am running antivirus now because of computer issues - usb disconnects, lags, freezes while typing in apps. The only thing that I recently downloaded and ran was this haircomb wallet software.
newbie
Activity: 1
Merit: 0
Does the normal Bitcoin wallet software give false positives like this or is it just the modified version created by the guy who's pretending to be a girl on the internet and using an alias which is an anagram of "Satoshi Nakamoto" to "subtly" hint to gullible retards that he's Satoshi?
newbie
Activity: 6
Merit: 0
legendary
Activity: 2366
Merit: 1272
Heisenberg
- my photo is really fake
I'm not going to push hard on the side of the virus detection since I don't have technical knowledge, until someone with coding knowledge can come and show us how malicious the file is.

But when it comes to the fake image, I cannot trust you. Why did you choose to use a fake image and lie to us?
copper member
Activity: 82
Merit: 5
Yes I've compiled those combfullui.exe (personally) and I did it with pride and dignity. I am prepared to post the full source to prove the credibility of my project that I've put lots of hours working on.


fe39f430cb93118326b3417499c77641d6b7e1345573e5dfbbd4681af59c3679  combfullui.exe
d998e6a3a532e6a099d0a3ba31640526d9eb67dd07714e4b3b63c48227dce54e  combfullui.exe


TL;DR

- my photo is really fake
- I released those combfullui.exe
- I am aware of some false positives
sr. member
Activity: 840
Merit: 375
Basically 2 out of 71 antivirus engines that I have never heard of detected that it has malicious content and the rest of them that are popular and known to be reliable didn't? These are called false positives: https://support.virustotal.com/hc/en-us/articles/115002121185-I-am-experiencing-a-false-positive-my-file-or-site-should-not-be-detected- Now I'm not saying that there aren't effectively viruses in the comb wallet, I'm just saying you should take these scans with a grain of salt because false positives are well known to happen, especially for recently created files. If you are suspicious, install a VM and run the wallet there; even if it contains viruses your computer won't be affected.

Edit: Faking the dev picture is definitely sketchy though. This destroys the project's credibility and users' trust and should not be tolerated.
sr. member
Activity: 565
Merit: 270
Remember who u are, what u are & who you represent
If they can fake identity, then they are definitely faking more things about them and their project.
More importantly, that wallet has a couple of viruses including Worm.Bereb. What does it do precisely?

Quote
This worm propagates by dropping copies of itself in any of the following folders:

C:\Windows\SYSDLL
OR
C:\Windows\STARTRWIN
It then sets this folder as shared in the WinMX peer-to-peer network. It uses interesting file names to entice users into downloading its copies.
Upon execution, this worm drops a copy of itself as the following file:

C:\Windows\TASKMGR.COM
OR
C:\Windows\SVCKERNELL.COM

It then adds the following registry entry so that its copy automatically executes at every Windows startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Taskmanager = "C:\Windows\taskmgr.com"

OR
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Svckernell = "c:\windows\svckernell.com"

This worm creates the following folder, where it drops copies of itself using interesting file names:

C:\Windows\SYSDLL
OR
C:\Windows\STARTRWIN
It propagates by sharing the dropped copies on the WinMX peer-to-peer network. To do this, it modifies the following file:

C:\Progra~1\WinMX\library.dat
The modification sets the worm folder as shared in WinMX.

This worm uses name of one of thousands of .exe files from a OS for its copies shared in WinMX:

Reference: https://www.trendmicro.com/vinfo/hk/threat-encyclopedia/archive/malware/worm_bereb.b
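
A defensive check for the file, folder and Run-key indicators listed in the quoted Trend Micro description, as an added example that is not part of any post in this thread. The function name, the inventory format and the sample data are assumptions constructed for illustration; a match only shows that those indicators are present on a host, not what the wallet binary contains.

```python
import ntpath

# Indicators copied from the Trend Micro description quoted above.
BEREB_FILES = {r"c:\windows\taskmgr.com", r"c:\windows\svckernell.com"}
BEREB_DIRS = {r"c:\windows\sysdll", r"c:\windows\startrwin"}
BEREB_RUN_VALUES = {"taskmanager": r"c:\windows\taskmgr.com",
                    "svckernell": r"c:\windows\svckernell.com"}

# Constructed sample inventory (not taken from any real machine).
SAMPLE_PATHS = [r"C:\Windows\System32\Taskmgr.exe",   # legitimate Task Manager
                r"C:\WINDOWS\TASKMGR.COM",
                r"C:\Windows\SYSDLL\setup.exe"]
SAMPLE_RUN = {"SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
              "Taskmanager": '"C:\\Windows\\taskmgr.com"'}


def norm(path):
    """Strip quotes and whitespace, unify separators, lower-case for comparison."""
    return ntpath.normpath(path.strip().strip('"').replace("/", "\\")).lower()


def match_bereb_indicators(paths, run_entries):
    """Return sorted (kind, value) findings for a host inventory.

    paths: file or folder paths seen on the host (hypothetical input format).
    run_entries: value name -> data exported from the HKLM Run key.
    """
    findings = set()
    for p in paths:
        n = norm(p)
        if n in BEREB_FILES:
            findings.add(("dropped_file", n))
        for d in BEREB_DIRS:
            # Match the folder itself or anything stored beneath it.
            if n == d or n.startswith(d + "\\"):
                findings.add(("worm_folder", d))
    for name, data in run_entries.items():
        key = name.strip().lower()
        if BEREB_RUN_VALUES.get(key) == norm(data):
            findings.add(("run_key", key))
        elif norm(data) in BEREB_FILES:
            # Different value name, but it still launches a dropped copy.
            findings.add(("run_key_data", norm(data)))
    return sorted(findings)


if __name__ == "__main__":
    for kind, value in match_bereb_indicators(SAMPLE_PATHS, SAMPLE_RUN):
        print(kind, value)
```

The legitimate `C:\Windows\System32\Taskmgr.exe` is not flagged, because the comparison is on the full normalized path rather than on the file name alone.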
copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
I can never understand why someone would want to use stock images and make people believe that it's what the team member looks like.
It's faking identity or identity theft, and such a person or project can never be trusted. What's the problem with leaving out the team part if they want to stay anonymous?

If they can fake identity, then they are definitely faking more things about them and their project.
sr. member
Activity: 565
Merit: 270
Remember who u are, what u are & who you represent
***This is not a scam accusation FOR NOW!***
What happened: Possibly Phishing, Malicious Tools inside Haircomb Wallet. Along with Stealing One Person Team Identity/Picture.

Dev's (Not proven scammer as of now) Profile Link: https://bitcointalksearch.org/user/natasha-otomoski-2701336
ANN Thread: https://bitcointalksearch.org/topic/anncomb-haircomb-quantum-proof-anonymity-and-more-5195815
Archive: http://archive.is/wip/mls8X

Website: None
Archive: http://archive.is/nmmGy#msg52875759
Whitepaper: https://raw.githubusercontent.com/natasha-otomoski/haircomb/master/WhyTheCombOfNatashaOtomoskiHas21Teeth.txt

Haircomb Bounty Thread: https://bitcointalksearch.org/topic/79-reward-0009-btc-simple-task-this-weekend-please-read-5251391
Archive: http://archive.is/wip/3pjFK

Team Member: The dev, who uses "Natasha Otomoski" as an alias, works alone on his project.
Second-largest contributor to the ANN thread: kelozar

Stock Image used in ANN thread as Team Member:



Original Picture:


Reference: https://hrexpert.com.au/marketing-2/

Github: https://github.com/natasha-otomoski/haircomb
Archive: http://archive.is/wip/7GF23

Announcement of the first release of the Windows wallet: https://bitcointalksearch.org/topic/m.52892009
Archive: http://archive.is/enQZc#msg52892009

First release of the Windows wallet on Github: https://github.com/natasha-otomoski/haircomb/commit/7922f6175b22b6a9f410b2586d308764a059be75#diff-48f11ca61784018b735166490c862694
Archive: http://archive.is/wip/Qeosw

I have downloaded the combfullui.exe which he/she submitted on Oct 27, 2019 a few hours ago and used VirusTotal to see if there is any malicious tool existing in the wallet or not. It showed that someone already checked it out months ago and the result is below.


Reference: https://www.virustotal.com/gui/file/d998e6a3a532e6a099d0a3ba31640526d9eb67dd07714e4b3b63c48227dce54e/detection

It shows that some engines found a couple of viruses in the first version of the Haircomb wallet, including Trojan.Multi.Generic.4!c, which is a very dangerous malicious tool and has been warned about by Lafu previously.


Trojan.Multi.Generic.4!c
Trojan.Multi.Generic.4!c has been considered one of the most dangerous OS threats.
It usually infects all famous browsers by attaching add-ons, plug-ins and other suspicious code.
By modifying browser settings and attacking your browser, it will lead you to a third-party site and start to cause interruptions while surfing the web.
Trojan.Multi.Generic.4!c will bring lots of serious problems to you.
Encrypts your files, opens the system backdoor and allows hackers to access the PC remotely. Collects all of the victim's sensitive data and sends it to the scammers.
Archive: http://archive.is/wip/xmR2I

After a couple of days the dev gave instructions on how to sync the Haircomb wallet. I am just quoting the summarized version of the original post.

Syncing guide - windows.
  • Are you expecting a haircomb payment and want to receive it to your own wallet?
  • Do you want to pay with your haircombs?
  • Do you want to create commits.db file yourself, so that you don't need to trust others to give you the correct file?
  • Do you want to monitor people claiming combs in real time?
Then you need synced haircomb core wallet. Learn how to do this using this guide.
Prerequisites. You should have more than 250GB free disk space. Should have reliable electricity supply, with no planned power loss.
1. Download combfullui.exe from github and place it in its own folder
2. Download btc.zip (the modified bitcoin qt 0.18.1) and unzip it.
Archive: http://archive.is/BSkqY#msg53030389

The dev has recently uploaded the latest version of the wallet 0.3.2 for both Windows and Linux.
Github Upload: https://github.com/natasha-otomoski/haircomb
Archive: http://archive.is/7GF23

I've again used VirusTotal to scan the Windows wallet file and found the following result.


Reference: https://www.virustotal.com/gui/file/fe39f430cb93118326b3417499c77641d6b7e1345573e5dfbbd4681af59c3679/detection

According to Microsoft - Worm.Bereb.i is from the category of Worm.Bereb malicious virus that does the below thing along with other similar viruses from Worm.Bereb.

Quote
This threat tries to use the Windows Autorun function to spread through removable drives, like USB flash drives.
Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FBereb.B&ThreatID=-2147464970