Hackers using fake Ledger Live app to steal seed phrases and drain crypto

Threat actors on the dark web are advertising malware with “anti-Ledger” abilities, but one of the examples examined by cybersecurity firm Moon lock didn’t have the promised features.

Cybercriminals are using fake Ledger Live apps to drain macOS users’ crypto through malware that steals seed phrases, a cybersecurity firm warns. 

The malware replaces the legitimate Ledger Live app on victims’ devices and then prompts the user to input their seed phrase through a phony pop-up message, a team from Moonlock said in a May 22 report.

“Initially, attackers could use the clone to steal passwords, notes, and wallet details to get a glimpse of the wallet’s assets, but they had no way to extract the funds,” the Moonlock team said.

Read more