Urgent Warning: Fake Ledger Live App Stealing Crypto Seed Phrases

A serious threat targets macOS users: a malware campaign that uses a fake Ledger Live application to steal cryptocurrency seed phrases. The malicious software, disguised as the legitimate Ledger Live app, tricks users into typing in their seed phrase through deceptive pop-up messages.

Security researchers at Moonlock have identified the malware and note a significant evolution in the attack. Initially, the cloned app only stole wallet details and passwords; it now directly targets and extracts seed phrases, which leads to immediate theft of the victim's cryptocurrency.

The malware is typically delivered through compromised websites (Moonlock found it being served from more than 2,800 of them) and relies on the Atomic macOS Stealer to harvest sensitive information. Once a device is infected, the stealer replaces the genuine Ledger Live app with its malicious counterpart.

Malware Screenshot
Source: Moonlock

The fake app then displays a convincing alert that falsely claims suspicious activity and prompts the user to re-enter their seed phrase. As soon as it is entered, the seed phrase is sent to the attacker's server. Because anyone holding the seed phrase can restore the wallet on their own device, this bypasses the hardware wallet's protection entirely and gives the attacker complete control of the victim's cryptocurrency assets.

Ongoing Threat: Multiple Active Campaigns

This malware campaign, active since at least August, involves at least four separate, ongoing operations. Moonlock's research shows a worrying trend: dark web marketplaces are actively selling malware advertised with "anti-Ledger" capabilities designed for this specific type of theft. While some of the advertised features are not yet fully implemented, the threat is clearly escalating.

Dark Web Malware Listing
Source: Moonlock

This is not opportunistic theft; it is a targeted attack on the trust users place in one of the most widely used cryptocurrency management tools, and the attackers are continuously refining their techniques to exploit that trust.

Protecting Yourself: Crucial Security Measures

To avoid falling victim to this dangerous malware, follow these critical steps:

  • Only download Ledger Live from the official Ledger website.
  • Never enter your seed phrase on any website or share it with anyone.
  • Be wary of any unexpected error message requesting your seed phrase. The genuine Ledger Live app never asks for it; the recovery phrase is only ever entered on the hardware device itself.
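Because the campaign swaps the genuine app bundle for a clone, a practical check is to confirm that the Ledger Live bundle installed on the Mac is still signed by its developer. The following script is an added example written for this page, not code from Ledger or Moonlock. It parses the output of Apple's `codesign -dvv` and rejects bundles that are unsigned, ad-hoc signed, or signed under a Team ID other than the one expected; the Team ID `EXAMPLE123` and the `codesign` output samples below are constructed placeholders, not Ledger's real Team ID or real tool output, and the bundle identifier `com.ledger.live` is assumed.

```python
"""Verify that a macOS app bundle is Developer ID signed by the expected Team ID.

Added example for this article (not Ledger's or Moonlock's code). The parse/assess
functions run anywhere; check_bundle() shells out to codesign/spctl on macOS only.
"""
import re
import subprocess
import sys
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# ASSUMPTION: placeholder Team ID, not Ledger's real one. Obtain the real value from
# a known-good install (codesign -dvv) and pin it here before using this check.
EXPECTED_TEAM_ID = "EXAMPLE123"


@dataclass
class SigInfo:
    signed: bool
    adhoc: bool
    team_id: Optional[str]
    authorities: List[str] = field(default_factory=list)


def parse_codesign_output(text: str) -> SigInfo:
    """Parse the details `codesign -dvv <bundle>` writes to stderr."""
    if "code object is not signed at all" in text:
        return SigInfo(signed=False, adhoc=False, team_id=None)
    adhoc = re.search(r"^Signature=adhoc$", text, re.M) is not None
    m = re.search(r"^TeamIdentifier=(.+)$", text, re.M)
    team = m.group(1).strip() if m else None
    if team == "not set":          # codesign prints this for ad-hoc signatures
        team = None
    authorities = re.findall(r"^Authority=(.+)$", text, re.M)
    return SigInfo(signed=True, adhoc=adhoc, team_id=team, authorities=authorities)


def assess(info: SigInfo, expected_team_id: str) -> Tuple[bool, str]:
    """Decide whether the parsed signature is acceptable; returns (ok, reason)."""
    if not info.signed:
        return False, "bundle is not signed at all"
    if info.adhoc or info.team_id is None:
        return False, "ad-hoc signature with no Team ID (not a Developer ID build)"
    if info.team_id != expected_team_id:
        return False, f"Team ID {info.team_id} does not match expected {expected_team_id}"
    if not any(a.startswith("Developer ID Application:") for a in info.authorities):
        return False, "leaf certificate is not a Developer ID Application certificate"
    return True, f"signed by expected Team ID {info.team_id}"


def check_bundle(path: str, expected_team_id: str = EXPECTED_TEAM_ID) -> Tuple[bool, str]:
    """Full check on a real bundle (macOS only): integrity, identity, Gatekeeper policy."""
    verify = subprocess.run(["codesign", "--verify", "--deep", "--strict", path],
                            capture_output=True, text=True)
    if verify.returncode != 0:      # seal broken or resources modified
        return False, f"codesign --verify failed: {verify.stderr.strip()}"
    details = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    ok, reason = assess(parse_codesign_output(details.stderr), expected_team_id)
    if not ok:
        return False, reason
    spctl = subprocess.run(["spctl", "--assess", "--type", "execute", path],
                           capture_output=True, text=True)
    if spctl.returncode != 0:
        return False, f"Gatekeeper rejected the bundle: {spctl.stderr.strip()}"
    return True, reason


# Constructed samples of codesign -dvv output (placeholder values, not real tool output).
GENUINE_SAMPLE = """Executable=/Applications/Ledger Live.app/Contents/MacOS/Ledger Live
Identifier=com.ledger.live
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Authority=Developer ID Application: Example Wallet Vendor (EXAMPLE123)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXAMPLE123
"""

# A cloned bundle that was merely ad-hoc signed so it launches without an identity.
ADHOC_SAMPLE = """Executable=/Applications/Ledger Live.app/Contents/MacOS/Ledger Live
Identifier=com.ledger.live
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=800 flags=0x2(adhoc) hashes=20+7 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""

UNSIGNED_SAMPLE = "/Applications/Ledger Live.app: code object is not signed at all\n"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/Applications/Ledger Live.app"
    ok, why = check_bundle(target)
    print(("OK: " if ok else "SUSPICIOUS: ") + why)
    sys.exit(0 if ok else 1)
```

Two caveats apply. A bundle swapped in place by malware that is already on the machine never goes through the download-time quarantine check, which is why an explicit signature check is useful; but on a host that is already running an infostealer the check itself can be tampered with, so treat a failing result as a reason to wipe and reinstall from a clean system rather than as something to fix in place. A valid signature also only tells you who built the app, not whether the download source was legitimate, so the rule of downloading only from the official Ledger website still stands.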

Stay vigilant and protect your cryptocurrency. The threat is real, and the attackers are becoming increasingly sophisticated.