Crypto-Currency Wallet Portal Jaxx Deactivated Following Malware Attack

A cyber-attack that distributed malicious software aiming at Jaxx wallet owners of crypto-currencies used one spoofed website of the actual Jaxx portal. But from the time Flashpoint analysts found several infections occurring from the attack, the fake website is being made non-operational.

The widely-used crypto-currency wallet, Jaxx is credited with downloads over 1.2m attempts onto mobile phones and desktops. The wallet's most recent edition Jaxx Liberty is used for Ethereum, Bitcoin as well as over twelve other crypto-currencies.

Previously during September 2018, Flashpoint informed Jaxx website as well as delivery network of Cloudflare content about the fake portal which spoofed Jaxx's after its creation on 19th August. There was an URL for the spoofed website which resembled the real jaxx[.]io website while contained copies of every line from the original Jaxx website. The download web-links were modified for diverting visitors onto an attackers' controlled server.

According to senior malware researcher Paul Burbage from Flashpoint, the phishing websites, which emerge too frequently, characteristically are designed for seizing credentials belonging to victimized users who're so tricked that they unknowingly authenticate on fake websites. Burbage explains that since past, actors haven't come to the fore who established a complete mirror of an online site having one look-alike domain which would just serve malicious software.

Security investigators observed that the malware attack essentially based on social engineering while didn't involve any real flaw within Jaxx app, online site, alternatively other sites under the ownership of block-chain startup Decentral of Canada which provides Jaxx. There were many malware strains of commodity and custom types packed into the spoofed Jaxx website that stole from end-users' wallets.

It is not clear if the attackers enticed victims through infected search engine hits, chat app or e-mail phishing, alternatively other mediums for contaminating them.

The described attack solely targeted desktops of Mac OS X and Windows. The fake site visitors were chanced to mistake it for the original site, since attackers loaded genuine application onto the formers PCs even as malware got loaded behind scene. Meanwhile, if mobile phone owners opted for download on the fake website they were led onto the real Jaxx site.

» SPAMfighter News - 9/21/2018