Bitcoin Forum
Author Topic: [Warning]: Do not download this wallet  (Read 476 times)
btc_angela (OP)
May 30, 2020, 01:22:33 PM
Merited by bob123 (5), DdmrDdmr (2), carlisle1 (1), YourNeko (1)
 #1

Warning: do not download and use this wallet, because it contains malicious code and will probably steal your crypto credentials.

And according to https://whois.domaintools.com/servowallet.com, this platform started only this February. If you find positive reviews about this wallet, they are probably fake and bogus, so be careful.

Code:
https://servowallet.com/
ServoWallet-2.13.1.exe
https://www.facebook.com/Servo-Wallet-103032588035784



Virustotal results:

https://www.virustotal.com/gui/file/62e8c55ed14b04fa2766843d5947c8547fc3778d897ab32ce37a1a9031aec914/detection



https://any.run/report/62e8c55ed14b04fa2766843d5947c8547fc3778d897ab32ce37a1a9031aec914/7aa524b6-4fee-4ac7-838d-94edc4a6bb77


Charles-Tim
May 30, 2020, 02:01:52 PM
Last edit: May 30, 2020, 02:12:08 PM by Charles-Tim
 #2

What I just noticed about the wallet is that it is too young, but I do not know if it is fake.

Code:
Website / Domain: servowallet.com
IP Address: 192.185.48.157
Global Alexa Rank: 9243779
Country Alexa Rank: -
Created on: 2020-02-19T12:00:00Z (0 years 3 months 11 days ago)
Updated on: 2020-04-01T11:00:00Z (0 years 1 months 29 days ago)
Expires on: 2021-02-19T12:00:00Z (0 years 8 months 20 days later)

I cannot use a wallet that was just launched three months ago when there are old wallets that are legit, reputable and safe. Even if servowallet is not a scam, I do not expect anyone to use it because it was created in February 2020.

pakhitheboss
May 30, 2020, 02:05:58 PM
 #3

Thanks for the update.

I have reported the wallet website to Google Safe Browsing. You can also report it to prevent this website from showing in browsers. Here is the link: https://safebrowsing.google.com/safebrowsing/report_badware/?hl=en

The more people report, the faster Google will take action.

jossiel
May 30, 2020, 04:14:25 PM
 #4

Avoiding using or downloading any newly launched wallet is one of the best precautionary measures that you can take to protect your funds. There's no need to use other wallets that seem to be unfamiliar to you.

They may be popping up again because bitcoin is showing its dominance again. As for the new people in the community, always download the recommended wallets that you can see on https://bitcoin.org/en/choose-your-wallet?step=5

No need to spend money if you have no budget for hardware wallets. Electrum is enough.

LbtalkL
May 30, 2020, 04:49:56 PM
 #5

Thanks for the heads up. Everyone should avoid trying new wallets; just stick to the old and most reputable wallets, which have low risk. Also, be careful with copycat wallets imitating a well-known wallet to steal our crypto. But if you are really curious to try a new wallet and you are suspicious of it, try to run it in a virtual machine like VirtualBox or VMware. I also experienced false-positive detections from Qt wallets before, but I still don't trust it; better to run it in a virtual machine.
Baofeng
May 30, 2020, 10:01:15 PM
 #6

I cannot find any review of this wallet either, and yes, it is fairly young and the majority of us haven't heard of it. Probably the developer of this wallet doesn't bother to promote it because there is malicious intent behind it. But good catch by the OP, and it's good that the community is being given a warning here. Just stay with reliable and trusted wallets and don't try to 'experiment' with unknown ones that are not open source.

 
Bitcoin_Arena
May 30, 2020, 11:59:20 PM
 #7

It's my first time hearing about the wallet in the OP. The results from VirusTotal pretty much confirmed that the wallet is not to be trusted with one's funds. With so many trusted Bitcoin/multi-currency wallets available, I wouldn't expect anyone familiar with crypto to go in for a brand new untrustworthy wallet to keep their funds in.

TravelMug
May 31, 2020, 03:10:54 AM
 #8

I also never heard of this wallet before, and obviously, it is fairly new, just a couple of months old.

And I'm sure that they are slowly introducing their wallet to underground forums and not in this community because they know they will be exposed early.

However, it looks like they have been uncovered by the OP, who has given us a warning. I think everyone should report it, especially their Facebook account, to help stop these cyber criminals.

 
pooya87
May 31, 2020, 03:29:25 AM
Last edit: May 31, 2020, 11:05:31 AM by pooya87
Merited by ABCbits (1)
 #9

this wallet definitely has a lot of red flags that mean you should stay away from it, and the flags are
- being new and already on version 2!
- no source code
- the website, facebook page,... are all new and shady

but FWIW the virustotal results (i don't know what that other site is) are NOT reliable at all. just because they show malware (7 out of 71!!!) or if they were showing no malware at all, it doesn't mean what you scanned is unsafe or safe respectively. especially when it comes to a cryptocurrency wallet. for example if you scan bitcoin core, electrum,... with it they sometimes show similar malware warnings.

Lordhermes
May 31, 2020, 06:53:58 AM
 #10

Accepting a newly developed wallet is somehow malicious, as there are no testimonies escalating the new wallet. I would advise all crypto users to stay away from this newborn wallet, Servo, as there are old wallets that have been credited and given a high thumbs-up of excellence. Meanwhile, as a beginner and newbie in the crypto atmosphere, you might have been told to perform DYOR before accessing dapps.

Just My Thoughts
ABCbits
May 31, 2020, 09:00:28 AM
Merited by Bitcoin_Arena (1)
 #11

So i went to check their website and found conflicting information (which i bolded above) on their website

Instant Exchange with Cashback

Swap 60+ crypto pairs anonymously and receive a cash back for exchange.

Verify your Identity

Verification is required to prevent identity theft or fraud. Photo ID is required to make sure it’s really you.

One more proof that this wallet is scam shady

Bitcoin_Arena
May 31, 2020, 08:12:37 PM
 #12

-snip-
People should definitely avoid this wallet. Looking at the info you have provided, @ETFbitcoin, it kind of reminds me of another scam/shady wallet that requires KYC verification: Freewallet.org SCAM accusations - a compilation

Harlot
Hero Member
*****
Offline Offline

Activity: 1806
Merit: 672


View Profile
May 31, 2020, 08:59:35 PM
 #13

There is a Reddit thread as well related to this ServoWallet, where one user said that Kaspersky wasn't able to detect any virus in their scan; this just proves that VirusTotal's database isn't that reliable when it comes to scanning the file. Nevertheless, it doesn't mean that this wallet is safe to use, or at least to be the first one to try it, since aside from being new they literally don't have anything else for you to trust them with your money. No identification, their address isn't showing up in Google Maps, and a lack of information. Basically there is nothing to convince you that their wallet is clean and to be trusted with your cryptocurrency.
Bitcoin_Arena
May 31, 2020, 11:01:32 PM
 #14

Quote from: Harlot on May 31, 2020, 08:59:35 PM
There is a Reddit thread as well related to this ServoWallet, where one user said that Kaspersky wasn't able to detect any virus in their scan; this just proves that VirusTotal's database isn't that reliable when it comes to scanning the file.

It's not just VirusTotal; it's actually just a collection of different antivirus engines. I don't know much about programming, but it has something to do with the detection algorithms of the antivirus engines. Antivirus engines sometimes provide false positives or false negatives depending on how updated their database is.

If the malicious code is still brand new, most of these antivirus engines will not detect any malware, thus a false positive until their malware database is updated.

So no one should ever conclusively depend on VirusTotal or antiviruses for protection; they should instead just be used as some sort of reference. One should use their brain or just follow simple rules:
1. Do not install or execute any random file.
2. Even if the file is from a trusted source, verify the signature before installing.

Swordsoffreedom
May 31, 2020, 11:53:13 PM
 #15

Quote from: Bitcoin_Arena on May 31, 2020, 11:01:32 PM
It's not just VirusTotal; it's actually just a collection of different antivirus engines. I don't know much about programming, but it has something to do with the detection algorithms of the antivirus engines. Antivirus engines sometimes provide false positives or false negatives depending on how updated their database is.
If the malicious code is still brand new, most of these antivirus engines will not detect any malware, thus a false positive until their malware database is updated.
So no one should ever conclusively depend on VirusTotal or antiviruses for protection; they should instead just be used as some sort of reference.

Exactly, when an antivirus is able to detect that the file matches a known piece of malware, it uncovers that file as a false negative and puts that file into "quarantine" for user review. Sometimes the antivirus can detect viruses even if the database is not updated. If an antivirus is able to identify that an automated program is running on your system and continuously trying to interact with every other program file on your system, then the antivirus program tracks that suspicious program as an unknown type of virus and puts that suspicious program into sandboxes. It's true there is no 100% effective antivirus; the only way to protect yourself from viruses is to see the reviews and verify the file's signature before running any file.

judeafante
June 01, 2020, 04:51:48 AM
 #16

Quote from: ABCbits on May 31, 2020, 09:00:28 AM
So i went to check their website and found conflicting information (which i bolded above) on their website

Instant Exchange with Cashback

Swap 60+ crypto pairs anonymously and receive a cash back for exchange.

Verify your Identity

Verification is required to prevent identity theft or fraud. Photo ID is required to make sure it’s really you.

One more proof that this wallet is scam shady

There is deception here if the rules are contradictory and people are trapped into doing something they do not want to do, like trading anonymously but you need to verify your account. This is misleading. It's possible that this exchange will have a scam report in the future; let them prove their reputation here before trading a big amount.
CryptoYar
June 01, 2020, 06:34:10 AM
Last edit: June 01, 2020, 06:44:20 AM by CryptoYar
 #17

This means that the users of these Antivirus software are safe from this virus.
Code:
AegisLab: detected as (Riskware.Win32.RemoteUtilities)
Alibaba: detected as (RiskWare:Win32/RemoteUtilities)
DrWeb: detected as (BackDoor.RMS.165)
Kaspersky: detected as (Not-a-virus:RemoteAdmin.Win32)
MaxSecure: detected as (Trojan.Malware.121218.susgen)
Qihoo-360: detected as (Win32/Virus.RemoteAdmin)
ZoneAlarm by Check Point: (Not-a-virus:RemoteAdmin.Win32)

And those who use these Antivirus software are at risk.
Code:
Acronis: Undetected
Ad-Aware: Undetected
AhnLab-V3: Undetected
ALYac: Undetected
Antiy-AVL: Undetected
SecureAge APEX: Undetected
Arcabit: Undetected
Avast: Undetected
Avast-Mobile: Undetected
AVG: Undetected
Avira (no cloud): Undetected
Baidu:Undetected
BitDefender: Undetected
BitDefenderTheta: Undetected
Bkav: Undetected
CAT-QuickHeal: Undetected
ClamAV: Undetected
CMC: Undetected
Comodo:Undetected
CrowdStrike Falcon: Undetected
Cybereason: Undetected
Cylance: Undetected
Cyren: Undetected
eGambit: Undetected
Emsisoft: Undetected
Endgame: Undetected
eScan: Undetected
ESET-NOD32: Undetected
F-Prot: Undetected
F-Secure: Undetected
FireEye: Undetected
Fortinet: Undetected
GData: Undetected
Ikarus: Undetected
Jiangmin: Undetected
K7AntiVirus: Undetected
K7GW: Undetected
Kingsoft: Undetected
Malwarebytes: Undetected
MAX: Undetected
McAfee: Undetected
McAfee-GW-Edition: Undetected
Microsoft: Undetected
NANO-Antivirus: Undetected
Palo Alto Networks: Undetected
Panda: Undetected
Rising: Undetected
Sangfor Engine Zero: Undetected
SentinelOne (Static ML): Undetected
Sophos AV: Undetected
Sophos ML: Undetected
SUPERAntiSpyware: Undetected
Symantec: Undetected
TACHYON: Undetected
Tencent: Undetected
Trapmine: Undetected
Trend Micro: Undetected
TrendMicro-HouseCall: Undetected
VBA32: Undetected
VIPRE: Undetected
ViRobot: Undetected
Webroot: Undetected
Yandex: Undetected
Zillya: Undetected
Symantec Mobile Insight: Unable to process file type
Trustlook---
Zoner--

Solution
It has only one solution, install the Antivirus software which can catch this virus.
AegisLab
Alibaba
DrWeb
Kaspersky
MaxSecure
Qihoo-360
ZoneAlarm by Check Point.

*edit* This is for them if somebody has mistakenly installed this virus.

source: https://www.virustotal.com/gui/file/62e8c55ed14b04fa2766843d5947c8547fc3778d897ab32ce37a1a9031aec914/detection
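
Added example, not part of CryptoYar's post or of any tool named in the thread: the number of engines that flag a file says little on its own, so this Python code parses the seven detection labels listed above and tallies which family or class names they share. The `GENERIC` token list and all function names are assumptions made for the example.

```python
import re
from collections import Counter

# The seven detection lines from the post above, copied as posted.
DETECTIONS = """\
AegisLab: detected as (Riskware.Win32.RemoteUtilities)
Alibaba: detected as (RiskWare:Win32/RemoteUtilities)
DrWeb: detected as (BackDoor.RMS.165)
Kaspersky: detected as (Not-a-virus:RemoteAdmin.Win32)
MaxSecure: detected as (Trojan.Malware.121218.susgen)
Qihoo-360: detected as (Win32/Virus.RemoteAdmin)
ZoneAlarm by Check Point: (Not-a-virus:RemoteAdmin.Win32)
"""
TOTAL_ENGINES = 71  # "7 out of 71", as quoted earlier in the thread

# Assumption for this example: these tokens name a platform, a severity class
# or a generic heuristic, not a family.
GENERIC = {"win32", "riskware", "trojan", "malware", "virus", "backdoor",
           "not-a-virus", "susgen"}

# "Engine: detected as (Label)"; the "detected as" part is optional because
# the ZoneAlarm line omits it.
LINE_RE = re.compile(
    r"^(?P<engine>[^:]+):\s*(?:detected as\s*)?\((?P<label>[^)]+)\)$")


def parse_detections(text):
    """Return {engine: label} for every well-formed line."""
    hits = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits[m["engine"].strip()] = m["label"]
    return hits


def family_tokens(label):
    """Split a label on '.', ':' and '/' and keep only family-like tokens."""
    tokens = [t.lower() for t in re.split(r"[.:/]", label) if t]
    return [t for t in tokens if t not in GENERIC and not t.isdigit()]


def summarise(text, total=TOTAL_ENGINES):
    """Tally shared family tokens and list engines with heuristic-only labels."""
    hits = parse_detections(text)
    families = Counter()
    generic_only = []
    remote_admin = []
    for engine, label in hits.items():
        tokens = family_tokens(label)
        if not tokens:
            generic_only.append(engine)  # heuristic verdict, no family named
            continue
        families.update(set(tokens))
        if any(t.startswith("remote") for t in tokens):
            remote_admin.append(engine)
    return {
        "detections": len(hits),
        "ratio": round(len(hits) / total, 3),
        "families": dict(families),
        "generic_only": sorted(generic_only),
        "remote_admin_engines": sorted(remote_admin),
    }


if __name__ == "__main__":
    for key, value in summarise(DETECTIONS).items():
        print(f"{key}: {value}")
```

Five of the seven labels name remote-administration tooling, one names "RMS" and one is a generic heuristic, which is the kind of agreement to look for before weighing a low detection count.
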
Falconer
June 01, 2020, 05:46:58 PM
 #18

Thank you for reporting an application which should be avoided.
It is very risky to use a new wallet application without doing research; the average application does not have the reputation and support of the crypto community. Many people have reported losing their balance just because they were careless and didn't consider the risks of the new wallet application (scam) they used.

 
bob123
June 01, 2020, 06:38:38 PM
Merited by btc_angela (1), DdmrDdmr (1)
 #19

I can confirm. The software is highly likely malicious:

Code:
Persistence
    Modifies System Certificates Settings
    Spawns a lot of processes
    Writes data to a remote process
Fingerprint
    Queries kernel debugger information
    Reads the active computer name
    Reads the cryptographic machine GUID
Evasive
    Found a reference to a WMI query string known to be used for VM detection
    Marks file for deletion
    Possibly tries to implement anti-virtualization techniques
Spreading
    Opens the MountPointManager (often used to detect additional infection locations)
    Tries to access unusual system drive letters

Interestingly, it modifies the trusted certificates:

Code:
Modifies Software Policy Settings

details
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
    "ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")



Quote from: CryptoYar on June 01, 2020, 06:34:10 AM
Solution
It has only one solution, install the Antivirus software which can catch this virus.

No. This is not a solution.
If this malware had been coded more carefully, no engine would have detected it.

The only solution is to use your common sense and to be careful.

Don't download random stuff from the internet.
Don't download closed-source wallets with no reputation at all.

This is the solution.
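
Added example, not part of bob123's post or of the sandbox that produced the report: a Python parser for the registry-access lines quoted above that groups them by hive and certificate store and lists the keys worth reviewing on a machine where the installer was run. Function names and the final `example.exe` line are constructed for the example.

```python
import re
from collections import defaultdict

# Registry accesses copied from the sandbox excerpt in the post above. The
# last line is constructed for this example to show unrelated paths are skipped.
REPORT = r'''
"ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
"ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"ServoWallet-2.13.1.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"example.exe" (Access type: "OPEN"; Path: "HKLM\SOFTWARE\EXAMPLE\SETTINGS")
'''

ENTRY_RE = re.compile(
    r'^\s*"(?P<proc>[^"]+)"\s+\(Access type:\s*"(?P<access>[^"]+)";'
    r'\s*Path:\s*"(?P<path>[^"]+)"\)\s*$')

SCOPE = {"HKCU": "current user", "HKLM": "all users of the machine"}


def parse_entries(report):
    """Yield (process, access, path) for every well-formed report line."""
    for line in report.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m["proc"], m["access"].upper(), m["path"]


def classify(path):
    """Return (hive, via_policy, store, container), or None if the path is
    not inside a SystemCertificates store."""
    parts = path.upper().split("\\")
    if parts[0] not in SCOPE or "SYSTEMCERTIFICATES" not in parts:
        return None
    i = parts.index("SYSTEMCERTIFICATES")
    if i + 1 >= len(parts):
        return None
    store = parts[i + 1]
    container = parts[i + 2] if i + 2 < len(parts) else "(store root)"
    via_policy = parts[1:3] == ["SOFTWARE", "POLICIES"]
    return parts[0], via_policy, store, container


def stores_touched(report):
    """Map (hive, store) -> sorted list of containers the sample accessed."""
    touched = defaultdict(set)
    for _proc, _access, path in parse_entries(report):
        info = classify(path)
        if info:
            hive, _via_policy, store, container = info
            touched[(hive, store)].add(container)
    return {key: sorted(value) for key, value in touched.items()}


def audit_targets(report):
    """Certificates live as subkeys of a store's CERTIFICATES key, so those
    keys are what to review on a host that ran the sample. A CREATE access
    on a key does not by itself show that a certificate was written."""
    targets = set()
    for _proc, _access, path in parse_entries(report):
        info = classify(path)
        if info and info[3] == "CERTIFICATES":
            targets.add((path.upper(), SCOPE[info[0]]))
    return sorted(targets)


if __name__ == "__main__":
    for (hive, store), containers in stores_touched(REPORT).items():
        print(f"{hive} {store}: {', '.join(containers)}")
    for path, scope in audit_targets(REPORT):
        print(f"review {path} ({scope})")
```
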


Greatdev
June 02, 2020, 12:59:43 PM
 #20

Newbies have been warned several times not to use unknown wallets or new wallets until reviews are good. We have tons of wallets in the crypto space today, so why are people risking their coins with new wallets? I believe that through fake wallets scammers can get things done easily: you have the keys and they have the keys.
