Cybercriminals are using fake Ledger Live apps to drain macOS users’ crypto through malware that steals seed phrases, a cybersecurity firm warns. The malware replaces the legitimate Ledger Live app on victims’ devices and then prompts the user to input their seed phrase through a phony pop-up message, a team from Moonlock said in a May 22 report.“Initially, attackers could use the clone to steal passwords, notes, and wallet details to get a glimpse of the wallet’s assets, but they had no way to extract the funds,” the Moonlock team said.“Now, within a year, they have learned to steal seed phrases and empty the wallets of their victims,” it added. One way the scammers replace the real Ledger Live app with a clone is through the Atomic macOS Stealer, designed to steal sensitive data, which Moonlock said it has found lurking on at least 2,800 hacked websites.
Source: Moonlock After infecting a device, Atomic macOS steals personal data, passwords, notes and wallet details and replaces the real Ledger Live app with a phony. “The fake app then displays a convincing alert about suspicious activity, prompting the user to enter their seed phrase,” the Moonlock team said.“Once entered, the seed phrase is sent to an attacker-controlled server, exposing the user’s assets in seconds.”Malware campaign active since August Moonlock has been tracking malware that's distributing a malicious clone of Ledger Live since August, with at least four active campaigns, and they think hackers are “only getting smarter.” Threat actors on the dark web are offering malware with “anti-Ledger” features.
Hackers will continue to exploit the trust crypto owners place in Ledger Live.” Related: Ledger secures Discord after hacker bot tried to steal seed phrasesTo avoid falling prey to similar malware scams, the cybersecurity firm recommends being wary of any page that warns of a critical error and asks for a 24-word recovery phrase.
or
Share This Story
Article Details
Author / Journalist: Cointelegraph by Stephen Katte
The story "Hackers using fake Ledger Live app to steal seed phrases and drain crypto" has 484 words across 18 sentences, which will take approximately 3 - 5 minutes for the average person to read.
Which news outlet covered this story?
The story "Hackers using fake Ledger Live app to steal seed phrases and drain crypto" was covered 15 hours ago by Coin Telegraph, a news publisher based in United States.
How trustworthy is 'Coin Telegraph' news outlet?
Coin Telegraph is a fully independent (privately-owned) news outlet established in 2013 that covers mostly crypto news.
The outlet is headquartered in United States and publishes an average of 23 news stories per day.
It's most recent story was published 7 hours ago.
What do people currently think of this news story?
The sentiment for this story is currently Negative, indicating that people regard this as "bad news".
How do I report this news for inaccuracy?
You can report an inaccurate news publication to us via our contact page. Please also include the news #ID number and the URL to this story.
