en
Back to the list

Ledger announces latest malware that asks for 24 word seed from users


www.chepicap.com 26 April 2019 10:10, UTC
Reading time: ~2 m

Crypto hardware wallet Ledger has recently announced the latest phishing attack that targets users Ledger Live app and asks users to input their 24-word recovery phrase.

Ledger has announced a new malware that appears to target the Ledger Live application. Currently the malware is only affecting Windows computers and appears to be highly targeted. Ledger states that the malware imitates the Ledger Live application and once the update is completed, the Ledger user is then asked to input their 24-word secure phrase.

This will essentially give users the ability to unlock users Ledger wallets. Ledger has stated that "It's only a phishing attempt tricking you in entering your 24 words (never do that)"

Ledger explains that the malware cannot compromise your funds, however, it can trick users into entering their secure phrases, "Hardware wallets have been designed to protect crypto assets against this kind of attacks. Funds are safe unless users themselves give their recovery phrase to the hacker (through social trickery). Education of users is paramount to mitigate this."

The recent announcement is an attempt to spread information about the potential malware as to avoid falling victim to these scams.

This malware is infecting only Windows machines, and it looks like it's highly targeted (we have seen so far only once instance on one computer). It cannot compromise your device or your crypto. It's only a phishing attempt tricking you in entering your 24 words (never do that)

— Ledger (@Ledger) April 25, 2019

Hardware wallets have been designed to protect crypto assets against this kind of attacks. Funds are safe unless users themselves give their recovery phrase to the hacker (through social trickery). Education of users is paramount to mitigate this.

— Ledger (@Ledger) April 25, 2019

Hardware wallets have been designed to protect crypto assets against this kind of attacks. Funds are safe unless users themselves give their recovery phrase to the hacker (through social trickery). Education of users is paramount to mitigate this.


   Source
Back to the list