A malware campaign targeting Jaxx cryptocurrency wallet users was shut down after FlashPoint researchers discovered several infections linked to the site.
Jaxx is a cryptocurrency wallet site that claims to have been downloaded 1.2 million times on desktop and mobile platforms. Its most recent version supports Bitcoin, Ethereum, and more than a dozen other cryptocurrencies.
The campaign began on Aug. 19, when the malicious domain was created and the threat actors began targeting Windows and Mac OS X users with a variety of malware developed for the desktop platforms.
Researchers spotted a phony site, using a malicious URL similar to that of the legitimate Jaxx site, serving several custom and commodity strains of malware, all of which were designed to empty Jaxx users’ wallets. Researchers noted that the malicious campaign was primarily a social engineering attack and did not involve an actual vulnerability in the Jaxx application.
It is unclear, however, whether the attackers lured victims to the malicious site via poisoned search results, phishing, or other nefarious methods.