Wowlet Desktop Wallet - malicious potential viruses?

Started by kingioan, Oct 07, 2021, 02:57 PM

kingioan

When I downloaded the Wowlet Desktop Wallet executable named wowlet-v3.0.0-x86_64-windows.exe

https://git.wownero.com/wowlet/wowlet/releases

I ran it through various virus scanners. 5 security vendors flagged this file as malicious.

The results are below:

- Alibaba: `NetTool:Win32/TorTool.60d93c3b`
- ESET-NOD32: `A Variant Of Win64/CoinMiner.MR Potentially Unwanted`
- Fortinet: `Riskware/Miner`
- Kaspersky: `Not-a-virus:NetTool.Win32.TorTool.eke`
- Palo Alto Networks: `Generic.ml`
- Acronis (Static ML): Undetected

Can anyone provide any advice on what these are, please?

Are they viruses?

_xxfedexx

This one: Not-a-virus:NetTool.Win32.TorTool.eke is because it bundles Tor, which is not a virus, but it is often used in botnets to keep the hacker's anonymity. On WowLet it is used to hide your IP.
The others are because it contains the Wownero Daemon, which can be used to cryptomine (potentially botnets might use daemon to mine but it is very unlikely to be fair).
If you don't trust it enough you can compile it by yourself.

asymptotically

Quote from kingioan:

> Can anyone provide any advice on what these are, please?

The wallet contains some code shared with miners. Meanies are hacking computers and installing miners on them without permission. Anti-viruses helpfully flag miners to catch these unwanted miners.

To make sure you've got the "real" Wowlet that hasn't been tampered with, you can verify the hashes and the signature, or as @_xxfedexx said, build it from source yourself.


kingioan

Thanks for your advice. This was helpful. How do I compile it for myself, please? I'm a bit stuck @_xxfedexx @asymptotically

orklemerkle

Compilation instructions for Windows can be found here:

https://git.wownero.com/wowlet/wowlet/src/branch/master/docs/BUILDING.md#windows-reproducible

It seems to require Linux and Docker to build, though. It may be easier to just verify downloaded hashes, so you can blame the devs if anything breaks :stuck_out_tongue_winking_eye:.

For reference, to do the other things @asymptotically says:

---

To verify hashes, assuming you use Windows 10:

Open the folder where you saved wowlet in File Explorer, then click **File** -> **Open Windows PowerShell**. Then type in:

````
Get-FileHash -Algorithm SHA256 wowlet-v3.0.0-x86_64-windows.exe
````

Verify that the *Hash* column matches the one on the download page, which I see is:

````
ecac2f7c6caac7f746607b06cded8e98d61228837f16e608ee6e6bd1ab9d5b09
````

Ignore uppercase/lowercase while comparing. The only characters used are `0-9` `a-f`, so there is no possibility of `1/I/l` `0/O` confusion.

---

To verify the signature, you'll need an OpenPGP program like GPG and @dsc's public key. I'll leave this as an exercise for the reader, since merely downloading a key based on posted instructions is no more secure than checking a posted hash.

**EDITED:** Typos
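
The hash comparison described in the post above can be scripted instead of done by eye. This is an added example, not part of the thread or the Wowlet project; `Test-PublishedHash` is a hypothetical helper name and the sample file is constructed so the script runs without the real download.

```powershell
# Added example; Test-PublishedHash is a hypothetical helper name.
function Test-PublishedHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected
    )
    # Drop whitespace picked up when copying the value from a web page.
    $want = ($Expected -replace '\s', '').ToLowerInvariant()
    # A SHA-256 digest is exactly 64 hex characters. Reject a truncated
    # paste or an MD5/SHA-1 value instead of reporting a plain mismatch.
    if ($want -notmatch '^[0-9a-f]{64}$') {
        throw 'Expected value is not a 64-character SHA-256 hex digest.'
    }
    # -LiteralPath: no wildcard expansion for names containing [ or ].
    $got = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path -ErrorAction Stop).Hash.ToLowerInvariant()
    [pscustomobject]@{
        File     = (Split-Path -Leaf $Path)
        Computed = $got
        Expected = $want
        Match    = ($got -eq $want)
    }
}

# Constructed sample: a temp file holding the three bytes "abc", whose
# SHA-256 is the standard test vector below (pasted with spaces and in
# uppercase on purpose, to exercise the normalisation).
$sample = Join-Path ([IO.Path]::GetTempPath()) 'hash-check-sample.bin'
[IO.File]::WriteAllBytes($sample, [byte[]](0x61, 0x62, 0x63))
$abc = 'BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD'
Test-PublishedHash -Path $sample -Expected $abc | Format-List

# Same sample file checked against the Wowlet hash quoted in the post
# (the mismatch case).
$wowlet = 'ecac2f7c6caac7f746607b06cded8e98d61228837f16e608ee6e6bd1ab9d5b09'
$check = Test-PublishedHash -Path $sample -Expected $wowlet
if (-not $check.Match) { Write-Warning "Hash mismatch for $($check.File)" }
Remove-Item -LiteralPath $sample

# Real use, from the folder holding the download:
# Test-PublishedHash -Path .\wowlet-v3.0.0-x86_64-windows.exe -Expected $wowlet
```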