Hackers using fake Ledger Live app to steal seed phrases and drain crypto - 'Coin Telegraph' News Summary (United States) | BEAMSTART

Published 1 day ago, 2 minute read

Cybercriminals are using fake Ledger Live apps to drain macOS users’ crypto through malware that steals seed phrases, a cybersecurity firm warns.

The malware replaces the legitimate Ledger Live app on victims’ devices and then prompts the user to input their seed phrase through a phony pop-up message, a team from Moonlock said in a May 22 report.

“Initially, attackers could use the clone to steal passwords, notes, and wallet details to get a glimpse of the wallet’s assets, but they had no way to extract the funds,” the Moonlock team said.

“Now, within a year, they have learned to steal seed phrases and empty the wallets of their victims,” it added.

One way the scammers replace the real Ledger Live app with a clone is through the Atomic macOS Stealer, designed to steal sensitive data, which Moonlock said it has found lurking on at least 2,800 hacked websites.

After infecting a device, Atomic macOS steals personal data, passwords, notes and wallet details and replaces the real Ledger Live app with a phony.

“The fake app then displays a convincing alert about suspicious activity, prompting the user to enter their seed phrase,” the Moonlock team said.

“Once entered, the seed phrase is sent to an attacker-controlled server, exposing the user’s assets in seconds.”

Malware campaign active since August

Moonlock has been tracking malware that's distributing a malicious clone of Ledger Live since August, with at least four active campaigns, and they think hackers are “only getting smarter.”

Threat actors on the dark web are offering malware with “anti-Ledger” features.

“Hackers will continue to exploit the trust crypto owners place in Ledger Live.”

To avoid falling prey to similar malware scams, the cybersecurity firm recommends being wary of any page that warns of a critical error and asks for a 24-word recovery phrase.

Cointelegraph by Stephen Katte

2025-05-23 @ 06:58:43 (1 days ago)

GMT -5:00

cointelegraph.com
