Hackers using fake Ledger Live app to steal seed phrases and drain crypto
Threat actors on the dark web are advertising malware with “anti-Ledger” abilities, but one of the examples examined by cybersecurity firm Moonlock didn’t have the promised features.
Cybercriminals are using fake Ledger Live apps to drain macOS users’ crypto through malware that steals seed phrases, a cybersecurity firm warns.
The malware replaces the legitimate Ledger Live app on victims’ devices and then prompts the user to input their seed phrase through a phony pop-up message, a team from Moonlock said in a May 22 report.
“Initially, attackers could use the clone to steal passwords, notes, and wallet details to get a glimpse of the wallet’s assets, but they had no way to extract the funds,” the Moonlock team said.
English
Spanish
French
German
Arabic
Chinese (Simplified)
Russian
Portuguese
Indonesian
Dutch
Afrikaans
Italian
Vietnamese
Bulgarian
Croatian
Danish
Greek
Hebrew
Hindi
Hungarian
Irish
Japanese
Korean
Norwegian
Persian
Polish
Romanian
Somali
Swedish
Thai