Wowlet Desktop Wallet - malicious potential viruses?

When I downloaded the Wowlet Desktop Wallet executable named wowlet-v3.0.0-x86_64-windows.exe, I ran it through various virus scanners. 5 security vendors flagged this file as malicious.

The results are below:

| Vendor | Result |
|---|---|
| Alibaba | NetTool:Win32/TorTool.60d93c3b |
| ESET-NOD32 | A Variant Of Win64/CoinMiner.MR Potentially Unwanted |
| Fortinet | Riskware/Miner |
| Kaspersky | Not-a-virus:NetTool.Win32.TorTool.eke |
| Palo Alto Networks | Generic.ml |
| Acronis (Static ML) | Undetected |

Can anyone provide any advice on what these are, please?

Are they viruses?

This one: Not-a-virus:NetTool.Win32.TorTool.eke is because it bundles Tor, which is not a virus, but it is often used in botnets to keep the hacker’s anonymity. On WowLet it is used to hide your IP.
The others are because it contains the Wownero Daemon, which can be used to cryptomine (potentially botnets might use daemon to mine but it is very unlikely to be fair).
If you don’t trust it enough you can compile it by yourself.

2 Likes

The wallet contains some code shared with miners. Meanies are hacking computers and installing miners on them without permission. Anti-viruses helpfully flag miners to catch these unwanted miners.

To make sure you’ve got the “real” Wowlet that hasn’t been tampered with, you can verify the hashes and the signature, or as @_xxfedexx said, build it from source yourself.

1 Like

Thanks for your advice. This was helpful. How do I compile it for myself, please? I’m a bit stuck @_xxfedexx @asymptotically

Compilation instructions for Windows can be found here:

It seems to require Linux and Docker to build, though. It may be easier to just verify downloaded hashes, so you can blame the devs if anything breaks :stuck_out_tongue_winking_eye:.

For reference, to do the other things @asymptotically says:


To verify hashes, assuming you use Windows 10:

Open the folder where you saved wowlet in File Explorer, then click File > Open Windows PowerShell. Then type in:

Get-FileHash -Algorithm SHA256 wowlet-v3.0.0-x86_64-windows.exe

Verify that the Hash column matches the one on the download page, which I see is:

ecac2f7c6caac7f746607b06cded8e98d61228837f16e608ee6e6bd1ab9d5b09

Ignore uppercase/lowercase while comparing. The only characters used are 0-9 a-f, so there is no possibility of 1/I/l 0/O confusion.


To verify the signature, you’ll need an OpenPGP program like GPG and @dsc’s public key. I’ll leave this as an exercise for the reader, since merely downloading a key based on posted instructions is no more secure than checking a posted hash.

EDITED: Typos

1 Like
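
The hash check described in the post above, wrapped in a PowerShell function so the comparison is done by the machine rather than by eye. This is an added example, not part of the original thread or the Wowlet project; the function name Test-DownloadHash is an assumption, and the file name and hash are the ones quoted in the post.

```powershell
# Added example: compare a download's SHA-256 with the published value.
function Test-DownloadHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected
    )

    # Strip spaces or line breaks picked up when copying the hash from a web page.
    $want = $Expected -replace '\s', ''

    # A SHA-256 digest is exactly 64 hex characters. Refuse anything else,
    # so a truncated or mangled paste cannot be mistaken for a real check.
    if ($want -notmatch '^[0-9a-fA-F]{64}$') {
        throw 'Expected value is not a 64-character SHA-256 hex digest.'
    }

    # -LiteralPath avoids wildcard expansion in the file name;
    # -ErrorAction Stop turns a missing file into an error instead of a silent null.
    $got = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path -ErrorAction Stop).Hash

    # Get-FileHash returns uppercase hex; -ieq compares case-insensitively.
    return ($got -ieq $want)
}

# File name and published hash as quoted in the post above.
$file      = 'wowlet-v3.0.0-x86_64-windows.exe'
$published = 'ecac2f7c6caac7f746607b06cded8e98d61228837f16e608ee6e6bd1ab9d5b09'

if (-not (Test-Path -LiteralPath $file)) {
    Write-Host "Not found: $file (run this from the folder that holds the download)."
} elseif (Test-DownloadHash -Path $file -Expected $published) {
    Write-Host "OK: $file matches the published SHA-256."
} else {
    Write-Host "MISMATCH: $file does not match the published SHA-256. Do not run it."
}
```

A match only shows the file is the one the download page describes; as the post says, the OpenPGP signature is what ties it to the developer's key.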