Crypto Wallet Startup Ledger Detects Phishing Malware Targeting Desktop App

Hardware crypto wallet manufacturer Ledger has detected malware targeting its desktop app.

Hardware cryptocurrency wallet manufacturer Ledger has detected malware targeting its desktop application, according to a tweet on April 25.

Ledger warned its users that the malware locally replaces the Ledger Live desktop app with a malicious one, and advised to follow security practices published on its blog. The company’s Twitter announcement specifically reads:

“WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update.”

In the comments to the post, Ledger revealed that the malware is infecting only Windows machines, although the company has reportedly detected only one affected device. Ledger further noted that the malware cannot compromise users’ computers or digital currency, but only represents a phishing attack in a bid to lure users to enter their 24-words recovery phrases.

Ledger also pointed out that the malicious software does not originate from its website or servers, however the company did not discover the infection method at the time.

Last December, the research team behind the dubbed “Wallet.fail” hacking project claimed that they were reportedly able to install any firmware on a Ledger Nano S. While the team used this vulnerability to play the game Snake on the device, one member of the team that found the exploit claimed:

“We can send malicious transactions to the ST31 [the secure chip] and even confirm it ourselves [via software,] or we can even go and show a different transaction [not the one that is actually being sent] on the screen.”

The team also demonstrated that they found a vulnerability in the Ledger Blue, the most expensive hardware wallet produced by the company, that comes with a color touchscreen. The signals are transported to the screen by an unusually long trace on the motherboard, the researcher explained, which is why it leaks those signals as radio waves.

When a USB cable is attached to the device, the aforementioned leaked signals purportedly get strong enough that they could be easily received from a distance of several meters.

Following the claim, Ledger claimed that the uncovered vulnerabilities in its hardware wallets are not critical. The reason Ledger said that the vulnerability was not critical is that “they did not succeed to extract any seed nor PIN on a stolen device” and “sensitive assets stored on the Secure Element remain secure.”

Original Article


By Readers$type=blogging$cate=2$count=6


Analysis,498,News,2987,Press Releases,338,Sponsored,137,
CryptoNomus: Crypto Wallet Startup Ledger Detects Phishing Malware Targeting Desktop App
Crypto Wallet Startup Ledger Detects Phishing Malware Targeting Desktop App
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy