A group of fraudsters would have generated a fraudulent website from the Jaxx purse last month, with the aim of stealing customers' cryptocurrencies through desktop malware in Windows and Mac OS versions, undercover in the download of Jaxx's latest purse , Liberty.
According to the security firm Flashpoint, on August 19, a group of fraudsters launched a domain very similar to the official URL of the popular crypto currency purse Jaxx. It was a fraudulent portal that had in its download trays two desktop malwares that were installed in the computers of customers to get the cryptocurrencies of their purses without them realizing.
Flashpoint was commissioned in the first days of September to report this irregularity to Jaxx's team, as well as to notify the content delivery network, Cloudflare, which took the measures to suspend services to the counterfeit site, which is no longer available operative
The website, in addition to having a domain very similar to the original, also had a design that simulated the official website and hackers were given the task of offering legitimate Liberty software - a wallet that allows the storage of about 14 cryptocurrencies - ; along with the KPOT malwares, which steals information from the local hard drive; and Clipper, which detects addresses of purses copied in the computer's clipboard and modifies them with an address belonging to the hacker.
The scammers' goal was to supplant Jaxx's domain and contaminate computers with their version of the adulterated software. The mode of this phishing was elaborated, since at the time of downloading the device, not only the malware was filtered in the background but also the legitimate portfolio was installed to avoid generating suspicions in the clients.
In the case of Mac OS, a malicious Java file compiled in Russian was installed on the affected computers. While in the case of Windows was anchored a .NET application that allowed to filter the files and whose components are known in the clandestine sites of Russian cybercrime, affirmed Flashpoint.
At the time of installation, the application gave an error message in English and Russian reporting that a new wallet could not be generated. Also, a new option appeared to restore the user's wallet, step where the password and the seed of the wallet was requested, information that was later filtered to the hackers to get the cryptocurrency of that address.
The investigators do not know in what way the hackers attracted the victims to their fake website, but consider that they possibly used adulterated browsers, emails or chats to make possible Jaxx clients fall into their trap.
The security firm rectified that this event is not closely related to the company Decentral, startup after the creation of the Jaxx wallet. The report noted that it is not a vulnerability in the product itself or the company's website, but rather it is an isolated event of identity theft.
In this sense, Flashpoint stressed that this case is about a "social engineering attack". In this sense, they recognized that it was a very elaborate method of phishing, which are increasingly proliferating on the Internet with the aim of stealing cryptocurrencies, with famous cases such as the Telegram ICO and scammers who took advantage of Hurricane Irma to become with a few bitcoins ..
To avoid falling into this type of identity fraud, it is important that users before downloading an application make sure that the domain is the official one, as well as by going to the verified social networks of the companies that provide reliable information.
Similarly, it is important to check the website, verify that there is no lack of information or false data that can give some clues about possible fraud, since in many cases these web pages can be very well elaborated in design plus their texts have differences or errors compared to official portals.
Extract by:Criptonoticias
Nice news sharing brother
Posted using Partiko Android