French-based cryptocurrency wallet service provider, Ledger warned its users that malware had been detected that replaces the Ledger Live desktop app. The malware tricks the victims into entering their 24-word recovery phase. Ledger is warning its users not to fall for it.
Malware Is Highly Targeted
On April 25, 2019, Ledger revealed in a tweet that it had detected a malicious software that replaces the Ledger Live desktop application with a malware infected one. The discovered threat only affects Windows computers at the moment, and it seems to be highly targeted.
WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update. Please refer to our security best practices https://t.co/MlAUlgoqj9 pic.twitter.com/Qzr3o4xaOq
— Ledger (@Ledger) April 25, 2019
According to its announcement, only one device has been affected so far. Users of the infected computers are asked to provide their 24-word recovery phrase following a fake update. However, the wallet provider urged its users not to provide their recovery password.
The tweet referred users to Ledger’s security best practices. The first golden rule for users is never to share their 24-word recovery phrase. Users are also advised not to store their recovery password on a computer or a smartphone. Instead, it should be written down and kept in a safe place where it can’t be lost or destroyed.
Ledger further pointed out that the malicious software cannot compromise a user’s device or their cryptocurrency holdings. It is designed to be a phishing attack which attempts to trick people into giving up their 24-word recovery password.
The company stated that it is okay to enter the 24-word recovery password on a hardware wallet device. However, Windows users should desist from doing that at the moment.
Ledger explains that its hardware wallets were designed to secure cryptocurrency assets against this type of attacks. Funds stored on the wallets are safe unless a user gives away his/her recovery password to the hackers.
The cryptocurrency wallet company urged its users to contact them as soon as they notice something similar to what was described. Ledger promises to address such issues with utmost urgency, advising users to take prevention methods to avoid becoming victims of the phishing attack.
Ledger Still Susceptible to Hacks
In February 2018, cryptocurrency researcher DocDroid published a vulnerability report which says that Ledger’s hardware wallets were prone to attacks from a flaw that allows hackers to infect it with malicious software. The malware tricks its victims into sending their cryptos to the attackers.
Ledger acknowledged the vulnerability in a tweet afterward, urging its users to always verify the receiving address on their device screen manually with the help of the ‘monitor screen’ button available on the transaction request form.
The company admitted back then that the problem cannot be solved since malware can always change what people can see on their computer screens. However, they assured their customers that they are building a UX to help them avoid such attacks.
To mitigate the man in the middle attack vector reported here https://t.co/GFFVUOmlkk (affecting all hardware wallet vendors), always verify your receive address on the device's screen by clicking on the "monitor button" pic.twitter.com/EMjZJu2NDh
— Ledger (@Ledger) February 3, 2018
Ledger has been one of the leading wallet providers for cryptocurrency enthusiasts over the past few years, selling more than 1.4 million units of its Ledger Nano S hardware wallet, along with other products. It is also preparing to start shipments of the new and highly anticipated Ledger Nano X next month.
