29.03.2024

Fake Phishing Website Mimicking Jaxx Wallet Shut Down

A few weeks ago a group of scammers set up a fake website similar to that of Jaxx Wallet with the aim of stealing the cryptocurrencies of users through illegal practices.

On September 12, Flashpoint, a cybersecurity firm which provides Business Risk Intelligence advice, posted an article on its official blog commenting that the fraudulent website had finally been shut down:

“A website spoofing the official Jaxx cryptocurrency wallet site has been taken down after analysts at Flashpoint discovered a number of infections linked to the operation.”

According to the information provided by Flashpoint, the website had an address and content similar to that of Jaxx’s, thus generating little suspicion among users.

Fraudulent Jaxx Website. Notice how it ends in .ws whereas the real Jaxx ends in .io Jaxx Logo

Fake Phishing Website Mimicking Jaxx Wallet Shut Down

However, at the time of providing the download links for the PC desktop program, the fake wallet contained two malware: KPOT (which steals information from the local hard drive) and Clipper (which verifies the addresses of digital wallets copied via CTRL+C and replaces them with that of the hackers at the time of pasting them into the transaction).

The Flashpoint team also explains that the scammy wallet allowed hackers to steal the victim’s backup phrase when attempting to restore a wallet:

“Victims executing the JAR see a message in Russian and English: “Temporarily due to technical problems on the server, you cannot create a new wallet.” Victims are then routed to the “PAIR / RESTORE WALLET” screen which prompts them for their Jaxx wallet backup phrase – a password used to decrypt wallets in order for the attackers to exfiltrate the digital currency from the victim’s account. The backup phrase is then exfiltrated to the attacker’s web server while the victim receives another mixed Russian and English-language error message that states, “Server is not available. Try again in 4 hours”, below.”

Malicious JAR file containing error messages in English and Russian. credit: Flashpoint

Jaxx Users: Don’t Panic!

According to the Flashpoint team, the attack is fundamentally social engineering, and there is no violation of the security of the real Jaxx Wallet, so users can be confident that their funds are safe.

A social engineering attack relies on the victim’s ingenuity to extract some information or benefit that would otherwise be more difficult. An example is fake websites, which urge users to write their personal data for some service. In this way, it is the users themselves who provide their data without the need for hackers to perform any kind of tampering with the security of any website.

Users are advised to exercise extreme caution when visiting websites and only access official URLs where addresses are manually typed. One is never too paranoid when it comes to protecting money.

Leave a Reply

Your email address will not be published. Required fields are marked *