New Phishing Malware Asks Users for 24-Word Recovery Phrase, Targets Ledger Live Wallet Desktop App
Malware is a common problem in the cryptocurrency world, given how much of it runs on users' own hardware and software. Many traders use hardware wallets to keep their funds under their own control rather than storing them on exchanges.
This option is considered a safer way to store funds, but recent reports show that the desktop companion app of one hardware wallet has been targeted by malware.
Ledger, which manufactures hardware crypto wallets, recently found malware in their desktop application. The company tweeted about this issue on April 25th.
WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update. Please refer to our security best practices https://t.co/MlAUlgoqj9 pic.twitter.com/Qzr3o4xaOq
— Ledger (@Ledger) April 25, 2019
The company warned that the malware replaces the desktop app with a fake one, which can lead users to believe they are using the genuine application when they are not, leaving them exposed. The announcement notes that it is important for users to follow the security practices that Ledger recommends.
In replies to the thread, Ledger stated that the only systems impacted by the malware are machines running Windows. So far only one device is actually known to have been affected, and Ledger adds that the malware has no way to compromise either the computer's data or the users' actual digital currency.
The malware's only effect is to launch a phishing attack that tries to obtain the user's recovery phrase.
At this point, how the malware got onto the affected machine has not been revealed or determined. However, Ledger assures the public that the software did not originate from its website or servers.
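Because the attack works by swapping the locally installed app for a trojanised copy, a defender's check is to hash the installed files against a baseline recorded from a trusted source (the vendor's published checksums, or a clean install at setup time) and alert on any change. The following is an added example, not code from Ledger or from the article; the file names, directory layout and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_install(install_dir, manifest):
    """Compare each file in the manifest (relative path -> expected SHA-256)
    against what is on disk. Returns relative path -> 'ok' | 'modified' | 'missing'."""
    results = {}
    for rel, expected in manifest.items():
        full = os.path.join(install_dir, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif sha256_of(full) != expected:
            results[rel] = "modified"
        else:
            results[rel] = "ok"
    return results


def demo():
    """Build a constructed install directory, record a baseline manifest, then
    simulate the local replacement of the main binary and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-ins for an install tree; not real Ledger Live files.
        files = {"Ledger Live.exe": b"genuine-binary-bytes",
                 "resources/app.asar": b"genuine-resource-bundle"}
        for rel, data in files.items():
            full = os.path.join(d, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        # Baseline taken while the install is known-good; in practice this
        # comes from vendor checksums, never from an already-suspect machine.
        manifest = {rel: sha256_of(os.path.join(d, rel)) for rel in files}
        before = verify_install(d, manifest)
        # Simulate the swap described in Ledger's warning: only the executable changes.
        with open(os.path.join(d, "Ledger Live.exe"), "wb") as f:
            f.write(b"fake-binary-that-asks-for-the-24-word-phrase")
        after = verify_install(d, manifest)
        return before, after
```

In a deployment the manifest would be stored outside the install directory (or signed) so that the same malware cannot rewrite the baseline along with the binary.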
Last December, a research team evaluated the Ledger Nano S during a hacking project and found that arbitrary firmware could be installed on it. The researchers demonstrated the flaw by loading a Snake game onto the device. One of the team members noted that it was possible to use the secure chip to send malicious transactions and confirm them. The project also let the team display a transaction different from the one actually being sent.
The Ledger Blue, the most expensive of the wallets that Ledger offers, also had a vulnerability. When the touchscreen is pressed, the signals are leaked as radio waves. With a USB cable plugged in, those signals become strong enough that a receiver several meters away can pick them up.
When Ledger was alerted to these problems, they claimed that the vulnerabilities were not actually critical because they could not “extract any seed nor PIN on a stolen device.” Ledger elaborated, adding that the “sensitive assets” were still “secure.”