Researchers from the risk intelligence company Flashpoint have identified and had suspended a website that was posing as the official page of the Jaxx cryptocurrency wallet. Its URL was similar to that of the official page, and its purpose was to spread malware designed to empty the wallets of Jaxx users.
Once the malware was discovered, the Flashpoint analysts informed Jaxx's technical support team and the server service company Cloudflare, and the fake site's services were then suspended. The fake site was a line-by-line copy of the real Jaxx site, except that its download links had been modified to redirect to servers controlled by the scammers.
Jaxx is a cryptocurrency wallet that has been downloaded more than 1.2 million times on PC and mobile devices. Its compatible currencies include Bitcoin, Ethereum and more than a dozen other cryptocurrencies.
The attack did not exploit a vulnerability in the platform; it was a social engineering attack. The malware mainly targeted Windows and Mac computers:
On Windows, the page downloaded the malware along with the real Jaxx software; the malware would then run in the background, where it would steal files from the desktop and report the cryptocurrency account.
On Mac, it would display an error message in English and in Russian requesting information from the account, which allowed the hackers to steal the cryptocurrencies.