Hackers use a counterfeit Ledger Live application to steal seed phrases and cryptocurrency.

Cybersecurity companies warn that cybercriminals are using fake Ledger Live applications to steal cryptocurrency from macOS users through malware that captures seed phrases.

The research team from Moonlock pointed out in a report on May 22 that the malware replaces the legitimate Ledger Live application on victims' devices and then prompts users to enter their seed phrases through a fake pop-up.

"Initially, attackers used this cloned application to steal passwords, notes, and wallet details to understand the wallet's asset situation, but they were unable to extract funds," the Moonlock team stated.

"Within a year, they have mastered the technique of stealing seed phrases and emptying victims' wallets," the team added.

One way scammers replace the legitimate Ledger Live application is through the Atomic macOS Stealer, an infostealer designed to capture sensitive data. Moonlock claims it has found this malware lurking on at least 2,800 hacked websites.

After infecting a device, the Atomic macOS Stealer steals personal data, passwords, notes, and wallet details, and replaces the real Ledger Live application with a fake one.

"This counterfeit application then displays a highly deceptive suspicious activity alert, luring users to input their seed phrases," the Moonlock team explained.

"Once users input their seed phrases, they are transmitted to a server controlled by the attackers, putting the user's assets at risk within seconds."

Moonlock has been monitoring the distribution of malicious Ledger Live clone applications since last August and has so far identified at least four active attack campaigns. It believes the hackers are "becoming increasingly sophisticated."

Threat actors on the dark web are offering malware with "anti-Ledger" features. However, one sample detected by Moonlock did not include the advertised complete anti-Ledger phishing functionality. The company speculates that these features "may still be in development or will be rolled out in future updates."

Moonlock stated that hackers are providing specialized stealing tools targeting Ledger users. Source: Moonlock

"This is not just a simple theft. This is a high-stakes operation attempting to outsmart one of the most trusted tools in the cryptocurrency world. These criminals show no signs of backing down," Moonlock emphasized.

"Discussions about anti-Ledger plans are increasing on dark web forums. The next wave of attacks is already taking shape. Hackers will continue to exploit cryptocurrency holders' trust in Ledger Live to launch attacks."

To avoid becoming a victim of similar malware scams, the cybersecurity company advises users to be highly wary of any page that warns of a serious error and asks for the 24-word recovery phrase.

At the same time, experts emphasize never to share seed phrases with anyone or input them on any website, no matter how legitimate it appears, and to only download the Ledger Live application from official channels.

Ledger did not immediately respond to Cointelegraph's request for comment.


Original: “Hackers Use Fake Ledger Live Apps to Steal Seed Phrases and Cryptocurrency”
