Jaxx wallet phishing campaign: Cryptocurrency Miners Swindled of Blockchain Assets

Jaxx wallet phishing campaign aimed to drain user wallets

Cryptocurrency miners!
Are you unsure where to store the cryptocurrency you own? Are you wondering whether the Jaxx wallet is the right place to keep it?
The official Jaxx cryptocurrency wallet has been caught up in a phishing campaign designed to drain user wallets.
Before going into the details of the Jaxx wallet phishing campaign, let us first look at cryptocurrency wallets in general.
Cryptocurrency wallets are necessary for holding and trading Bitcoin or any other digital currency. Before you consider trading in cryptocurrency, you first need to know what cryptocurrency is and how it works.
A cryptocurrency wallet consists of two elements: a private key and a public address.
Private Key: To access and spend from a cryptocurrency wallet, the holder must possess its private key. If this key falls into the wrong hands, the funds in the wallet can be stolen.
Public Address: To receive funds, users are given a public address, usually presented as a text string or a QR code.
Owning a cryptocurrency wallet makes you responsible for the security of your own capital.

What is Jaxx Wallet?

Jaxx is a cryptocurrency wallet that allows individuals and businesses to hold, control and trade blockchain assets such as Bitcoin, Litecoin, Ethereum, Monero and a dozen other cryptocurrencies.
It is a popular wallet owned by the Canadian blockchain startup Decentral and has over 1.2 million downloads across desktop and mobile platforms.

Why Jaxx Wallet?

Jaxx wallet has many defining features. These include:
  1. It supports the world's leading cryptocurrencies and makes accessing and managing blockchain-based assets easier.
  2. The platform is reliable, secure and under the user's own control.
  3. Jaxx pairs across platforms: Mac, Windows and Linux desktops, Android and iOS mobile operating systems, and a Chrome browser extension.

Jaxx Wallet Phishing Campaign

Given the popularity of this easy-to-use platform, threat actors built a fraudulent copy of the official Jaxx cryptocurrency wallet website that served malicious links. Clicking these links sent users to attacker-controlled servers. The aim was to trick users into revealing their wallet credentials and strip them of their blockchain assets.
The legitimate Jaxx website is at jaxx.io. The scammers registered a similar-looking domain, jaxx.ws, and launched a fake site there. The spoofed site sat behind the Cloudflare content delivery network and was a carbon copy of the legitimate Jaxx site.
The fraudulent domain was active from August 19, 2018 and primarily targeted Microsoft Windows and macOS users. The masqueraded site did offer a download of the legitimate Jaxx wallet software, but the package also carried a hidden malware payload: a malicious Java Archive (JAR) file and a .NET application that were installed silently in the background. Because the installer itself was the genuine one, the lookalike domain was the clearest warning sign a user had.
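The jaxx.io / jaxx.ws trick is a TLD swap, one of several cheap lookalike patterns (TLD swap, confusable characters, one-character typos) that can be caught mechanically in DNS or proxy logs. The script below is an added example written for this page, not code from the article or from Jaxx/Decentral: the protected domain list, the small confusable table, the typo threshold of one edit, and the sample "observed" domains are all assumptions constructed for illustration.

```python
"""Flag domains that look like a protected brand domain.

Added example (not from the article). Catches three lookalike patterns:
  tld-swap   : same second-level label, different TLD   (jaxx.io -> jaxx.ws)
  confusable : same label after folding look-alike chars (rnicrosoft -> microsoft)
  typosquat  : second-level label within one edit (incl. transposition)
"""
import unicodedata

# Assumed list of domains we want to protect. jaxx.io is the real Jaxx
# domain named in the article; add others as needed.
PROTECTED = ["jaxx.io"]

# Small confusable table (assumed subset; a real deployment would use the
# Unicode confusables data). Multi-character patterns must come first.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"),
               ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]


def normalize(label: str) -> str:
    """Fold a DNS label to a canonical form: NFKC, lowercase, no hyphens,
    confusable sequences replaced by the letter they imitate."""
    label = unicodedata.normalize("NFKC", label).lower().replace("-", "")
    for pattern, repl in CONFUSABLES:
        label = label.replace(pattern, repl)
    return label


def registrable_parts(domain: str):
    """Return (second-level label, TLD). Assumption: the last label is the
    TLD; no public-suffix list handling (co.uk etc.) in this example."""
    labels = domain.strip().lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("need at least a second-level label and a TLD")
    return labels[-2], labels[-1]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, and
    adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(candidate: str, protected=PROTECTED):
    """Return (protected_domain, reason) for the first protected domain the
    candidate resembles, or None if it resembles none of them."""
    c_sld, c_tld = registrable_parts(candidate)
    for p in protected:
        p_sld, p_tld = registrable_parts(p)
        if c_sld == p_sld and c_tld == p_tld:
            return (p, "legitimate")          # exact match or a subdomain of it
        if c_sld == p_sld:
            return (p, "tld-swap")
        if normalize(c_sld) == normalize(p_sld):
            return (p, "confusable")
        if osa_distance(c_sld, p_sld) <= 1:   # threshold is an assumption
            return (p, "typosquat")
    return None


# Constructed sample of domains as they might appear in DNS logs (not real telemetry).
OBSERVED = ["jaxx.io", "www.jaxx.io", "jaxx.ws", "jax.io",
            "jaxx-support.com", "example.com", "jaxx.com"]


def scan(domains, protected=PROTECTED):
    """Return [(observed, protected, reason)] for every non-legitimate hit."""
    findings = []
    for d in domains:
        hit = classify(d, protected)
        if hit and hit[1] != "legitimate":
            findings.append((d, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for observed, brand, reason in scan(OBSERVED):
        print(f"{observed:20} looks like {brand} ({reason})")
```

Note the limitation visible in the sample: jaxx-support.com is not flagged, because a brand name embedded in a longer label is a different pattern (substring match against the brand) and needs its own rule with its own false-positive handling.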

Malicious Payload distribution – Jaxx wallet phishing campaign

The malware was configured to exfiltrate files from the infected system to a command-and-control (C2) server run by the attackers. This included TXT, DOC and XLS files, the document types most likely to contain cryptocurrency wallet addresses.

Malicious Payload for Windows

On Windows the malicious payload was distributed as a .ZIP archive containing a malicious .NET binary.

Malicious Payload for macOS

On macOS it was distributed as a JAR file that had been built with DevelNext, a Russian IDE (integrated development environment), which suggests the operators behind the infection were Russian-speaking.
Moreover, the fraudulent site was hosted by the Russian VPS (Virtual Private Server) provider hostland[.]ru.
