Sep 12, 2018

Researchers thwart phishing scam on Jaxx cryptocurrency wallet


Researchers at Flashpoint discovered a phishing site designed to steal cryptocurrency from the Jaxx wallet, a cryptocurrency storage system. The site has since been suspended.

The details: The site was meant to look like Jaxx's and had custom-designed malware for both Mac and Windows computers.

  • The site would deliver Windows malware along with the actual Jaxx software, with the malware running in the background. Custom malware stole files from a user's desktop, while bundled, widely available malware accessed other files and stole cryptocurrency account information whenever it was copied and pasted.
  • The Mac malware gave an error message in English and Russian and prompted users to provide account information that would allow the hackers to steal currency.
  • Flashpoint is aware of infections from the malware, but it is not clear how users were first sent to the site.

Mitigation: Flashpoint contacted both Jaxx and the security company Cloudflare, which the site had used for users' connections. Cloudflare suspended the site.
