Ponzi schemes and security threats are nothing new in the world of cryptocurrency. Another such incident has occurred, and this time it is the Ledger Live desktop application that has been compromised. Ledger, in its tweet dated 25th April 2019, confirmed the malware attack and warned all its users about the threat.
According to Ledger, the malware was detected targeting its Live Wallet desktop app: it deletes the original application locally and replaces it with a malicious one. To make the malicious app look genuine, users are prompted to enter their 24-word recovery phrase after what appears to be an update but is in fact fake. For those unfamiliar with it, Ledger Live lets its users receive, send, and manage their digital currency transactions in an easy and secure manner. It works on computers as well as smartphones.
WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update. Please refer to our security best practices https://t.co/MlAUlgoqj9 pic.twitter.com/Qzr3o4xaOq
— Ledger (@Ledger) April 25, 2019
What is the malware attack all about?
Giving more details, Ledger, one of the leading secure crypto asset managers, stated that the attack targets only Windows machines. So far, the company has seen only one instance of the attack, on a single computer, and has identified it as an out-and-out phishing attack.
In other words, the malware is not designed to collect your personal data or information, or to compromise your digital currencies or your device as a whole. It is programmed only to trick you into entering your 24-word recovery phrase.
Therefore, make sure that you never share the recovery phrase on your computer, stresses the official tweet by Ledger. In addition, Ledger stated that the authentic Ledger Live application would NEVER ask its users for their 24-word phrase.
To make sure its users are well aware of the problem, Ledger continued with a series of tweets to educate them further. The firm stated that hardware wallets come with an inbuilt security mechanism so that they don't fall prey to this type of attack in the first place. It made clear to users that if they have not shared their recovery phrase when prompted, their crypto funds ARE safe. However, if the phrase has been shared with the attacker through this trick, then further action needs to be taken.
Where did it come from?
The source and method of the malware attack have not been identified yet. Ledger has stated that it has not detected the attack on the mobile application, so users of the mobile app need not worry. The company also said that the attack has nothing to do with its own servers or website, as the application is available securely as a normal download. The one and only detected instance of the malware attack surfaced locally on the user's Windows computer.
Any user infected by this malware is asked to get in touch with Ledger immediately to resolve the problem.
In order to help people safely utilize the hardware wallet, Ledger has also shared the best security practices it follows with the crypto community.
the benefit of a hardware wallet is to be able to verify on secure screen of the device the destination address. Please refer to https://t.co/MlAUlgoqj9 to read all our best practices
— Ledger (@Ledger) April 25, 2019
Meanwhile, the news is being shared widely across Twitter to spread awareness and help more and more people avoid it altogether.
Ledger users – don't fall for the malicious update. @Ledger has tweeted that this is a highly targeted scam and does not compromise your device, it's phishing for the 24 word phrase – remember, never give your phrase to anyone! https://t.co/Cb2yQocFX7
— MyEtherWallet | MEW (@myetherwallet) April 25, 2019
While there is no established way to predict if and when an application will be compromised, all one can do is follow adequate safety measures and act responsibly and logically when such things take place.