
Topic: [Warning]: Do not download this wallet (Read 471 times)

full member
Activity: 798
Merit: 104
🎄 Allah is The Best Planner 🥀
June 04, 2020, 06:52:24 AM
#24
Newcomers are at greater risk when it involves wallet use. They use all types of wallets without proper verification and are victims of scams. In that case, if we take a touch of precaution we'll be ready to reduce this loss to some extent. The above-updated information is extremely interesting. Not only newcomers; we've benefited tons employing a new wallet. I can easily maintain security through the above discussion.
legendary
Activity: 2716
Merit: 1855
Rollbit.com | #1 Solana Casino
June 03, 2020, 02:44:28 AM
#21
-snip- why are people risking their coins with new wallets?
Sometimes people don't know about info about the security of the wallet they use. They only use according to their friends' recommendations or from several campaigns that require using the wallet.

As a beginner or anyone who wants to use a new wallet, you should do some research first, check with virustotal like the OP did to stay safe and avoid malware that will attack when installing a new wallet. Device security is also very important to fend off malware or viruses that try to infect our devices.
member
Activity: 266
Merit: 16
Sovryn - Brings DeFi to Bitcoin
June 02, 2020, 07:59:43 AM
#20
Newbies have been warned several times not to use unknown wallets or new wallets until reviews are good. We have tons of wallets in the crypto space today, why are people risking their coins with new wallets? I believe that through a fake wallet scammers can get things done easily: you have the keys and they have the keys.
legendary
Activity: 1624
Merit: 2481
June 01, 2020, 01:38:38 PM
#19
I can confirm. The software is highly likely malicious:

Code:
Persistence
    Modifies System Certificates Settings
    Spawns a lot of processes
    Writes data to a remote process
Fingerprint
    Queries kernel debugger information
    Reads the active computer name
    Reads the cryptographic machine GUID
Evasive
    Found a reference to a WMI query string known to be used for VM detection
    Marks file for deletion
    Possibly tries to implement anti-virtualization techniques
Spreading
    Opens the MountPointManager (often used to detect additional infection locations)
    Tries to access unusual system drive letters

Interestingly, it modifies the trusted certificates:

Code:
Modifies Software Policy Settings

details
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")



Solution
It has only one solution, install the Antivirus software which can catch this virus.

No. This is not a solution.
If this malware would have been coded more carefully, no engine would have detected it.

The only solution is to use your common sense and to be careful.

Don't download random stuff from the internet.
Don't download closed-source wallets with no reputation at all.

This is the solution.
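
The sandbox output quoted in the post above, turned into a triage check. This is an added example, not part of the original post or of any sandbox vendor's tooling: it parses report lines in the format shown there and flags write-like accesses to Windows certificate-store registry keys. The `example-installer.exe` lines, the `OPEN` access type and the ROOT store paths in the sample are constructed for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: the first two lines are copied from the report quoted
# above; the three "example-installer.exe" lines are made up for contrast.
SAMPLE_REPORT = r'''
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
    "example-installer.exe" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT")
    "example-installer.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES")
    "example-installer.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN")
'''

LINE_RE = re.compile(
    r'"(?P<proc>[^"]+)"\s+\(Access type:\s+"(?P<access>[^"]+)";'
    r'\s+Path:\s+"(?P<path>[^"]+)"\)')
CERT_RE = re.compile(
    r'^(?P<hive>HKLM|HKCU)\\SOFTWARE\\(?P<policy>POLICIES\\)?MICROSOFT\\'
    r'SYSTEMCERTIFICATES\\(?P<store>[^\\]+)(?:\\(?P<sub>[^\\]+))?',
    re.IGNORECASE)
WRITE_ACCESS = {"CREATE"}  # only write-like value on the page; extend per sandbox
TRUST_ANCHOR_STORES = {"ROOT", "AUTHROOT"}  # stores that define trusted roots

def cert_store_writes(report):
    """Return one finding per write-like access to a certificate-store key."""
    findings = []
    for m in LINE_RE.finditer(report):
        c = CERT_RE.match(m["path"])
        if not c or m["access"].upper() not in WRITE_ACCESS:
            continue  # not a certificate-store key, or a read-only access
        store = c["store"].upper()
        findings.append({
            "process": m["proc"],
            "scope": "machine" if c["hive"].upper() == "HKLM" else "user",
            "via_policy": c["policy"] is not None,
            "store": store,
            "object": (c["sub"] or "").upper(),
            # Writes to a root store change who is trusted outright.
            "severity": "high" if store in TRUST_ANCHOR_STORES else "medium",
        })
    return findings

def summarize(findings):
    """Group findings as {process: sorted [(scope, store), ...]}."""
    by_proc = defaultdict(set)
    for f in findings:
        by_proc[f["process"]].add((f["scope"], f["store"]))
    return {proc: sorted(pairs) for proc, pairs in by_proc.items()}
```

Key creation alone does not show that a certificate was installed, so treat each finding as a prompt to inspect the named store on the analysis host rather than as a verdict.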

legendary
Activity: 2660
Merit: 1141
June 01, 2020, 12:46:58 PM
#18
Thank you for making an application report which should be avoided.
Very vulnerable to using a new wallet application without doing research, the average application does not have the reputation and support of the crypto community. Many reports have lost their balance just because they are careless and don't consider the risks of the new wallet application (scam) used.
hero member
Activity: 1064
Merit: 639
June 01, 2020, 01:34:10 AM
#17
This means that the users of these Antivirus software are safe from this virus.
Code:
AegisLab: detected as (Riskware.Win32.RemoteUtilities)
Alibaba: detected as (RiskWare:Win32/RemoteUtilities)
DrWeb: detected as (BackDoor.RMS.165)
Kaspersky: detected as (Not-a-virus:RemoteAdmin.Win32)
MaxSecure: detected as (Trojan.Malware.121218.susgen)
Qihoo-360: detected as (Win32/Virus.RemoteAdmin)
ZoneAlarm by Check Point: (Not-a-virus:RemoteAdmin.Win32)

And those who use these Antivirus software are at risk.
Code:
Acronis: Undetected
Ad-Aware: Undetected
AhnLab-V3: Undetected
ALYac: Undetected
Antiy-AVL: Undetected
SecureAge APEX: Undetected
Arcabit: Undetected
Avast: Undetected
Avast-Mobile: Undetected
AVG: Undetected
Avira (no cloud): Undetected
Baidu: Undetected
BitDefender: Undetected
BitDefenderTheta: Undetected
Bkav: Undetected
CAT-QuickHeal: Undetected
ClamAV: Undetected
CMC: Undetected
Comodo: Undetected
CrowdStrike Falcon: Undetected
Cybereason: Undetected
Cylance: Undetected
Cyren: Undetected
eGambit: Undetected
Emsisoft: Undetected
Endgame: Undetected
eScan: Undetected
ESET-NOD32: Undetected
F-Prot: Undetected
F-Secure: Undetected
FireEye: Undetected
Fortinet: Undetected
GData: Undetected
Ikarus: Undetected
Jiangmin: Undetected
K7AntiVirus: Undetected
K7GW: Undetected
Kingsoft: Undetected
Malwarebytes: Undetected
MAX: Undetected
McAfee: Undetected
McAfee-GW-Edition: Undetected
Microsoft: Undetected
NANO-Antivirus: Undetected
Palo Alto Networks: Undetected
Panda: Undetected
Rising: Undetected
Sangfor Engine Zero: Undetected
SentinelOne (Static ML): Undetected
Sophos AV: Undetected
Sophos ML: Undetected
SUPERAntiSpyware: Undetected
Symantec: Undetected
TACHYON: Undetected
Tencent: Undetected
Trapmine: Undetected
Trend Micro: Undetected
TrendMicro-HouseCall: Undetected
VBA32: Undetected
VIPRE: Undetected
ViRobot: Undetected
Webroot: Undetected
Yandex: Undetected
Zillya: Undetected
Symantec Mobile Insight: Unable to process file type
Trustlook---
Zoner--

Solution
It has only one solution, install the Antivirus software which can catch this virus.
AegisLab
Alibaba
DrWeb
Kaspersky
MaxSecure
Qihoo-360
ZoneAlarm by Check Point.

*edit* This is for them if somebody has mistakenly installed this virus.

source: https://www.virustotal.com/gui/file/62e8c55ed14b04fa2766843d5947c8547fc3778d897ab32ce37a1a9031aec914/detection
sr. member
Activity: 2254
Merit: 258
So I went to check their website and found conflicting information (which I bolded above) on their website

Instant Exchange with Cashback

Swap 60+ crypto pairs anonymously and receive a cash back for exchange.

Verify your Identity

Verification is required to prevent identity theft or fraud. Photo ID is required to make sure it’s really you.

One more proof that this wallet is scam shady

There is deception here if the rules are contradictory and people are trapped into doing something they do not want to do, like trading anonymously when you need to verify your account. This is misleading. It's possible that this exchange will have a scam report in the future; let them prove their reputation here before trading a big amount.
legendary
Activity: 2884
Merit: 1115
Leading Crypto Sports Betting & Casino Platform
It's not just Virustotal, it's actually just a collection of different Antivirus Engines. I don't know much about programming but it has something to do with the detection algorithms of the antivirus engines. Antivirus engines sometimes provide false positives or false negatives depending on how updated their database is.
If the malicious code is still brand new, most of these antivirus engines will not detect any malware, thus a false positive until their malware database is updated.
So no one should ever conclusively depend on virustotal or antiviruses for protection, they should instead just be used as some sort of reference.

Exactly, when an antivirus is able to detect that the file is matched with a known piece of malware then it uncovers that file as false-negative and puts that file into "quarantine" for user review. Sometimes the antivirus can detect viruses even if the database is not updated. If an antivirus is able to identify that an automated program is running on your system and continuously trying to interact with every other program file on your system, then the antivirus program tracks that suspicious program as an unknown type of virus and puts that suspicious program into a sandbox. It's true there is no 100% effective antivirus; the only way to protect yourself from viruses is to see the reviews and verify the file's signature before running any file.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
There is a reddit thread as well related to this ServoWallet where one user said that Kaspersky wasn't able to detect any virus on their scan, this just proves that VirusTotal's database isn't that reliable when it comes to scanning the file.
It's not just Virustotal, it's actually just a collection of different Antivirus Engines. I don't know much about programming but it has something to do with the detection algorithms of the antivirus engines. Antivirus engines sometimes provide false positives or false negatives depending on how updated their database is.

If the malicious code is still brand new, most of these antivirus engines will not detect any malware, thus a false positive until their malware database is updated.

So no one should ever conclusively depend on virustotal or antiviruses for protection, they should instead just be used as some sort of reference. One should use their brain or just follow simple rules:
1. Do not install or execute any random file.
2. Even if the file is from a trusted source, verify the signature before installing.
hero member
Activity: 1806
Merit: 672
There is a reddit thread as well related to this ServoWallet where one user said that Kaspersky wasn't able to detect any virus on their scan, this just proves that VirusTotal's database isn't that reliable when it comes to scanning the file. Nevertheless it doesn't mean that this wallet is safe to be used, or at least to be the first one to try it, since aside from being new they literally don't have anything else for you to trust them with your money. No identification, their address isn't showing up in Google Maps, and a lack of information. Basically there is nothing to convince you that their wallet is clean and to be trusted with your cryptocurrency.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
-snip-
People should definitely avoid this wallet. Looking at the info you have provided @ETFbitcoin, it kind of reminds me of another scam/shady wallet that requires KYC verification: Freewallet.org SCAM accusations - a compilation
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
So I went to check their website and found conflicting information (which I bolded above) on their website

Instant Exchange with Cashback

Swap 60+ crypto pairs anonymously and receive a cash back for exchange.

Verify your Identity

Verification is required to prevent identity theft or fraud. Photo ID is required to make sure it’s really you.

One more proof that this wallet is scam shady
sr. member
Activity: 1232
Merit: 379
Accepting Newly Developed Wallet Is Somehow Malicious As There Are No Testimonies Escalating The New Wallet. I Would Advise All Crypto Users To Stay Away From This New-born Wallet Servo As There Are Old Wallets That Have Been Credited And Given A High Thumbs Up Of Excellency. Meanwhile As A Beginner And Newbie In The Crypto Atmosphere, You Might Have Been Told To Perform DYOR Before Accessing Dapps.

Just My Thoughts
legendary
Activity: 3472
Merit: 10611
this wallet definitely has a lot of red flags that means you should stay away from it and the flags are
- being new and already on version 2!
- no source code
- the website, facebook page,... are all new and shady

but FWIW the virustotal results (i don't know what that other site is) are NOT reliable at all. just because they show malware (7 out of 71!!!) or if they were showing no malware at all, it doesn't mean what you scanned is unsafe or safe respectively. especially when it comes to a cryptocurrency wallet. for example if you scan bitcoin core, electrum,... with it they sometimes show similar malware warnings.
hero member
Activity: 2632
Merit: 833
I also never heard of this wallet before, and obviously, it is fairly new, just a couple of months old.

And I'm sure that they are slowly introducing their wallet to underground forums and not in this community because they know they will be exposed early.

However, it looks like they have been uncovered by the OP, who has given us a warning. I think everyone should report it, especially their Facebook account, to help stop these cyber criminals.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
It's my first time knowing about the wallet in the OP. The results from Virus-total pretty much confirmed that the wallet is not to be trusted with one's funds. With so many trusted Bitcoin/multi-currency wallets available, I wouldn't expect anyone familiar with Crypto to go in for a brand new untrustworthy wallet to keep their funds in it.
legendary
Activity: 2576
Merit: 1655
I cannot find any review of this wallet as well, and yes it is fairly young and the majority of us haven't heard of this one. Probably the developer of this wallet doesn't bother to promote it because it has malicious intent behind it. But good catch by the OP, and it's good that the community is being given a warning here. Just stay with reliable and trusted wallets and do not try to 'experiment' with unknown and not open source ones.
full member
Activity: 1176
Merit: 162
Thanks for the heads up, everyone should avoid trying new wallets and just stick to the old and most reputable wallets which have low risk. Also, be careful with copycat wallets imitating a well-known wallet to steal our cryptos. But if you are really curious to try some new wallets and you are suspicious of them, try to run them on virtual machines like VirtualBox or VMware. I also experienced false positive detection from QT wallets before but I still don't trust it, better to run it on a virtual machine.
hero member
Activity: 3150
Merit: 636
DGbet.fun - Crypto Sportsbook
Avoiding using or downloading any newly launched wallet is one of the best precautionary measures that you can take to protect your funds. There's no need to use other wallets that seem to be unfamiliar to you.

They may be popping again because bitcoin is showing the dominance again. As for the new people in the community, always download the recommended wallets that you can see on https://bitcoin.org/en/choose-your-wallet?step=5

No need to spend money if you have no budget for hardware wallets. Electrum is enough.
hero member
Activity: 2156
Merit: 803
Top Crypto Casino
Thanks for the update.

I have reported the wallet website to Google Safe Browsing. You can too, to prevent this website from showing in browsers. Here is the link: https://safebrowsing.google.com/safebrowsing/report_badware/?hl=en

The more people report the faster Google will take action.