{"id":129846,"date":"2025-05-23T06:15:27","date_gmt":"2025-05-23T06:15:27","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=129846"},"modified":"2025-05-23T06:15:27","modified_gmt":"2025-05-23T06:15:27","slug":"hackers-using-fake-ledger-live-app-to-steal-seed-phrases-and-drain-crypto","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=129846","title":{"rendered":"Hackers using fake Ledger Live app to steal seed phrases and drain crypto"},"content":{"rendered":"<p>Source: Cointelegraph.com News<br \/>\nCybercriminals are using fake Ledger Live apps to drain macOS users\u2019 crypto through malware that steals seed phrases, a cybersecurity firm warns.\u00a0<br \/>\nThe malware replaces the legitimate Ledger Live app on victims\u2019 devices and then prompts the user to input their seed phrase through a phony pop-up message, a team from Moonlock said in a May 22 report.<br \/>\n\u201cInitially, attackers could use the clone to steal passwords, notes, and wallet details to get a glimpse of the wallet\u2019s assets, but they had no way to extract the funds,\u201d the Moonlock team said.<br \/>\n\u201cNow, within a year, they have learned to steal seed phrases and empty the wallets of their victims,\u201d it added.\u00a0<br \/>\nOne way the scammers replace the real Ledger Live app with a clone is through the Atomic macOS Stealer, designed to steal sensitive data, which Moonlock said it has found lurking on at least 2,800 hacked websites.<br \/>\nSource: Moonlock<br \/>\nAfter infecting a device, Atomic macOS steals personal data, passwords, notes and wallet details and replaces the real Ledger Live app with a phony.\u00a0<br \/>\n\u201cThe fake app then displays a convincing alert about suspicious activity, prompting the user to enter their seed phrase,\u201d the Moonlock team said.<br \/>\n\u201cOnce entered, the seed phrase is sent to an attacker-controlled server, exposing the user\u2019s assets in seconds.\u201d<br \/>\nMalware campaign active since 
August\u00a0<br \/>\nMoonlock has been tracking malware that&#8217;s distributing a malicious clone of Ledger Live since August, with at least four active campaigns, and they think hackers are \u201conly getting smarter.\u201d\u00a0<br \/>\nThreat actors on the dark web are offering malware with \u201canti-Ledger\u201d features. However, one of the examples examined by Moonlock did not feature the full anti-Ledger phishing functionality advertised. The firm speculates those features could \u201cstill be in development or is forthcoming in future updates.\u201d\u00a0<br \/>\nMoonlock says hackers are offering malware for would-be thieves to steal from Ledger users. Source: Moonlock<br \/>\n\u201cThis isn\u2019t just a theft. It\u2019s a high-stakes effort to outsmart one of the most trusted tools in the crypto world. And the thieves are not backing down,\u201d Moonlock said.\u00a0<br \/>\n\u201cOn dark web forums, chatter around anti-Ledger schemes is growing. The next wave is already taking shape. 
Hackers will continue to exploit the trust crypto owners place in Ledger Live.\u201d\u00a0<br \/>\nTo avoid falling prey to similar malware scams, the cybersecurity firm recommends being wary of any page that warns of a critical error and asks for a 24-word recovery phrase.<br \/>\nAt the same time, never share a seed phrase with anyone or input it on any website, no matter how legitimate it looks, and only download Ledger Live from its official source.\u00a0<br \/>\nLedger didn\u2019t immediately respond to Cointelegraph\u2019s request for comment.\u00a0<br \/>\n<a href=\"https:\/\/cointelegraph.com\/news\/hackers-fake-ledger-apps-to-steal-seed-phrases?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com News Cybercriminals are using fake Ledger Live apps to drain macOS users\u2019 crypto through malware that steals seed phrases, a cybersecurity firm warns.\u00a0 The malware replaces the legitimate Ledger&hellip; 
<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/129846"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=129846"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/129846\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=129846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=129846"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=129846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}