Researchers at Flashpoint discovered a phishing site designed to steal cryptocurrency from the Jaxx wallet, a cryptocurrency storage system. The site has since been suspended.
The details: The site was meant to look like Jaxx's, and had custom-designed malware for both Mac and Windows computers.
- The site delivered Windows malware along with the actual Jaxx software, with the malware running in the background. Custom malware stole files from a user's desktop, while bundled, widely available malware accessed other files and stole cryptocurrency account information whenever it was copied and pasted.
- The Mac malware gave an error message in English and Russian and prompted users to provide account information that would allow the hackers to steal currency.
- Flashpoint is aware of infections from the malware, but it is not clear how users were first sent to the site.
Mitigation: Flashpoint contacted both Jaxx and the security company Cloudflare, which the site had used for users' connections. Cloudflare suspended the site.