The Jaxx cryptocurrency wallet website had a fraudulent version that served malicious links to trick users into revealing the backup phrase that protected the virtual funds. Security researchers from Flashpoint found it on August 30, after being alerted by a number of infections linked to the cybercriminal operation. The campaign may have started on August 19, which is the creation date of the attacker’s domain. Flashpoint senior malware researcher Paul Burbage says that the malware for Windows could exfiltrate files to a command and control (C2) server.
Source: https://www.bleepingcomputer.com/news/security/cybercriminals-go-phishing-for-jaxx-wallet-users/