Crypto Wallet Manufacturer Ledger Detects Malware Targeting its Desktop Application
Ledger, a crypto wallet startup, tweeted on Friday, April 25, 2019, that it had detected malware capable of replacing the Ledger Live desktop application with a malicious one.
“Only” a Phishing Attack
After detecting the malware that had affected their systems, Ledger was quick to warn its users through their tweet.
WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update. Please refer to our security best practices https://t.co/MlAUlgoqj9 pic.twitter.com/Qzr3o4xaOq
— Ledger (@Ledger) April 25, 2019
This was followed by a link to their Medium blog post, which educates users on security best practices for using a hardware crypto wallet.
In a reply to the same tweet, they further informed their community that the malware appeared highly targeted: it affected only Windows machines, and by then they had “only seen one instance on one computer.”
Next, in what seemed like an attempt to restore users’ confidence, they added that it was “only” a phishing attempt that tricks users into entering their 24-word recovery phrase, and that neither users’ devices nor their crypto assets were at risk of compromise. Funds are safe unless users themselves hand their recovery phrase to the attacker.
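The malware described above works by swapping the locally installed desktop application for a look-alike, so the practical defender-side check is file integrity: record digests of the installed files and re-verify them later. The following is an added example, not Ledger's own tooling or code from the original article; the install directory, file names and file contents are constructed for illustration, and the "Ledger Live" folder name is an assumption.

```python
"""Integrity baseline for a desktop application's install directory (added example).

Builds a manifest of SHA-256 digests for every file under an install
directory, then re-verifies the tree and reports files that were replaced,
added or removed. The directory layout and file contents used in demo()
are constructed for illustration; this is not Ledger's own tooling.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root, POSIX separators) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_manifest(root: Path, baseline: dict) -> dict:
    """Compare the current tree against a baseline manifest.

    Returns {"modified": [...], "added": [...], "missing": [...]}.
    All three lists empty means the installation matches the baseline;
    a changed main executable with no legitimate update is the signal
    that the application was swapped out underneath the user.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a fake install, then replace its main binary.

    The folder name "Ledger Live" and the file names are assumptions made
    for the example; the byte contents are placeholders.
    """
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "Ledger Live"
        (app / "resources").mkdir(parents=True)
        (app / "Ledger Live.exe").write_bytes(b"original launcher bytes (constructed)")
        (app / "resources" / "app.asar").write_bytes(b"original resources (constructed)")
        baseline = build_manifest(app)

        # Simulate the swap the tweet describes: the launcher is replaced
        # and an unexpected "update" binary appears next to it.
        (app / "Ledger Live.exe").write_bytes(b"replacement bytes (constructed)")
        (app / "update.exe").write_bytes(b"dropped file (constructed)")
        return verify_manifest(app, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A genuine update also changes the digests, so the baseline has to be re-established only after an update obtained from the vendor's official channel and verified there; an unexplained change to the main executable, or a new binary appearing beside it, is exactly the condition under which a prompt for the 24-word recovery phrase should be treated as the phishing attempt Ledger describes.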
Ledger’s “Uncritical” Vulnerabilities
In December 2018, the research team behind Wallet.Fail reported that they were able to install any firmware on the Ledger Nano S. However, they only used this vulnerability to play the game Snake on the device.
They also showcased a vulnerability in Ledger’s most expensive hardware wallet, the Ledger Blue. The signals, they claimed, leaked as radio waves because they were carried to the screen by an unusually long trace on the motherboard, and the signal became strong enough to be received from meters away when a USB cable was attached to the device.
Ledger noted that the claimed issues weren’t highly critical, as “they did not succeed to extract any seed nor PIN on a stolen device” and “sensitive assets stored on the Secure Element remain secure.”