Bitcoin Forum
Topic: [PSA] Fake Wasabi wallet from wasabibitcoinwallet [dot] org
whotookmycrypto
March 22, 2019, 05:20:17 AM
Last edit: March 22, 2019, 04:45:18 PM by whotookmycrypto
Merited by dbshck (4), bones261 (3), BitMaxz (3), joniboini (3), pooya87 (2), odolvlobo (1), Kemarit (1), mjglqw (1), DdmrDdmr (1)
 #1

Haven't seen this shared around here.

Basically, the scam website has one download link pointing Windows users to download the fake wallet. The other download links on the site are, however, legitimate. Comprehensive testing has yet to be conducted on the fake download to find out what it does but "it’s definitely a scam".

As with the recent attack on the Electrum wallet, this incident once again highlights the importance of verifying PGP signatures of your downloads. Good link on this forum on how to go about this: https://bitcointalk.org/index.php?topic=4059348.0

Scanning files for viruses alone isn't sufficient, as scanning it for viruses threw up no detections.

Image credits: https://twitter.com/nopara73/status/1108659418680516608

Stay safe.

Source of news:
https://thenextweb.com/hardfork/2019/03/21/wasabi-wallet-bitcoin-fake/

Baofeng
March 22, 2019, 06:51:08 AM
Merited by bones261 (2), Kemarit (1)
 #2

From Wasabi's co-founder himself:

https://twitter.com/nopara73/status/1108658747906449408


So just be careful.

mjglqw
March 22, 2019, 04:35:16 PM
 #3

How is this scam site being advertised or spread online? Couldn't make it appear on the front page through testing a few Google searches. No ads either.

EDIT: I think we're good. Page seems to be erased already. Keep your eyes peeled at all times though.


whotookmycrypto
March 22, 2019, 04:45:01 PM
Merited by bones261 (2)
 #4

Quote from: mjglqw
How is this scam site being advertised or spread online? Couldn't make it appear on the front page through testing a few Google searches. No ads either.

EDIT: I think we're good. Page seems to be erased already. Keep your eyes peeled at all times though.


If the scammer couldn't get it ranked on Google, then he/she could probably use social media to fool unsuspecting users? For example, giving advice out to users on Twitter on how to stay safe and directing them to that malicious link.

Yes, the link has been taken down. Someone reported it to their host provider, Namecheap.

ETFbitcoin
March 22, 2019, 05:54:59 PM
Merited by bones261 (1)
 #5

Wasabi's GitHub page also shares a short guide on GPG verification along with its public PGP key.

https://github.com/zkSNACKs/WalletWasabi/blob/master/WalletWasabi.Documentation/Guides/InstallInstructions.md#gpg-verification

Quote from: whotookmycrypto
If the scammer couldn't get it ranked on Google, then he/she could probably use social media to fool unsuspecting users? For example, giving advice out to users on Twitter on how to stay safe and directing them to that malicious link.

Basically a social engineering attack. I'd bet they share a misleading URL where the text and the actual link are different, for example:

bitcoin.org

Code:
[url=bitcointalk.org]bitcoin.org[/url]
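
The mismatch shown in post #5, a link whose visible text names one site while its target is another, can be flagged mechanically before anyone clicks. This is an added example, not code from the thread: the function names are illustrative, and every sample link except the post's own BBCode line is constructed.

```python
import re
from urllib.parse import urlsplit

# [url=TARGET]TEXT[/url] (BBCode) and <a href="TARGET">TEXT</a> (HTML)
LINK_PATTERNS = [
    re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.I | re.S),
    re.compile(r"<a\s[^>]*?href=[\"']([^\"']+)[\"'][^>]*>(.*?)</a>", re.I | re.S),
]
# Visible text that itself looks like a host name or URL
HOSTLIKE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)
# Nested formatting tags inside the link text, e.g. [b]...[/b] or <b>...</b>
MARKUP = re.compile(r"<[^>]+>|\[/?[a-z]+[^\]]*\]", re.I)

def host_of(value):
    """Return the lower-cased host of a URL or bare domain, without 'www.'."""
    value = value.strip().strip("\"'")
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse a bare domain as the host
    host = (urlsplit(value).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def deceptive_links(markup):
    """List (shown_host, real_host) for links whose text names another host."""
    findings = []
    for pattern in LINK_PATTERNS:
        for target, text in pattern.findall(markup):
            text = MARKUP.sub("", text).strip()
            if not HOSTLIKE.match(text):
                continue  # plain words such as "click here" claim no host
            shown, real = host_of(text), host_of(target)
            # A subdomain of the shown host is treated as the same site.
            same_site = real == shown or real.endswith("." + shown)
            if shown and real and not same_site:
                findings.append((shown, real))
    return findings

# First link is the BBCode from the post; the rest are constructed samples.
SAMPLE = (
    "[url=bitcointalk.org]bitcoin.org[/url] "
    "[url=https://docs.wallet.example/guide]wallet.example[/url] "
    '<a href="https://downloads.example.net/setup.exe">'
    "https://www.wallet.example/download</a> "
    "[url=https://example.net/x]click here[/url]"
)

if __name__ == "__main__":
    for shown, real in deceptive_links(SAMPLE):
        print(f"text says {shown!r} but link goes to {real!r}")
```

The comparison is on host names only, so it does not catch look-alike domains whose link text and target agree with each other.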

anu1908
March 23, 2019, 01:52:28 AM
 #6

So it seems VirusTotal failed to scan the file if we input the link directly, but they can scan it if we upload the files directly. I don't know if this is a bug or not but they should've fixed it already.

nc50lc
March 23, 2019, 02:08:23 AM
 #7

Quote from: ETFbitcoin
Wasabi's GitHub page also shares a short guide on GPG verification along with its public PGP key.

https://github.com/zkSNACKs/WalletWasabi/blob/master/WalletWasabi.Documentation/Guides/InstallInstructions.md#gpg-verification

Great, just like Electrum,
but just like Electrum, that won't help most newbies since most of them prefer the download-install-open method.
Glad they have taken down the site that quick.

Quote from: anu1908
So it seems VirusTotal failed to scan the file if we input the link directly, but they can scan it if we upload the files directly. I don't know if this is a bug or not but they should've fixed it already.

It isn't a bug; if you input a URL, it will scan the server of the URL, not the specified download file.

If you download and upload the file to VirusTotal (like the image in the OP), it will scan the file using different antivirus engines.
If nothing was detected, the file doesn't have any malicious code even though it steals data; it might be programmed like any other software that can send and receive data to its server.

Pmalek
March 23, 2019, 08:40:44 AM
Merited by mjglqw (1)
 #8

VirusTotal not detecting it doesn't mean anything. The important thing is what does this wallet do? Does it infect your device with malware/keyloggers or other unwanted viruses? If so, then it is only a matter of time until VT detects the malicious code.
But if it doesn't install any malware, VirusTotal will not detect anything malicious. It's basically software that sends and receives transactions, like any other wallet, and those are not reported as infected by VT.

whotookmycrypto
March 26, 2019, 03:05:01 AM
Merited by vapourminer (1)
 #9

Quote from: nc50lc
Great, just like Electrum,
but just like Electrum, that won't help most newbies since most of them prefer the download-install-open method.
Glad they have taken down the site that quick.

Yes, agreed on the point of users being too lazy to verify by PGP. This point is interesting, so I went to do some digging online and found this.

Source: https://securityboulevard.com/2018/11/10-rules-for-the-secure-use-of-cryptocurrency-hardware-wallets/
Quote
Users of cryptocurrency software should demand reproducible builds and code-signed executables to prevent tampering by an attacker post-installation. The advantage of code-signing, relative to manual verification with a tool like GPG, is that code signatures are automatically verified by the operating system on every launch of the application, whereas manual verification is typically only performed once, if at all. Even verifiable software, though, can still be subverted at runtime. Recognize that general-purpose computing devices are exposed to potentially risky data from untrusted sources on a routine basis.

Can someone explain:

(1) Why don't these wallets implement the code-signing mechanism mentioned above? If the OS can automatically verify the program at launch each time, isn't this a solution to having users verify PGP by themselves?

(2) Is it right to say that if the Wasabi wallet had the code-signing mechanism implemented, it would have been easier for users to perform the verification, as they can easily view the properties of the file to see who the digital signatures belong to (like in this example: https://www.sslsupportdesk.com/how-to-verify-a-digital-code-signing-signature-in-windows/)?

Thanks.
