French cryptocurrency hardware wallet manufacturer Ledger has recently warned of malware it detected that replaces its Ledger Live desktop application with a malicious one that asks for users’ recovery phrases.
According to a tweet published by the company, the malicious Ledger Live desktop application goes through a “fake update” before asking users to enter their 24-word recovery phrase, presumably in an attempt to phish them and steal their crypto.
WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update. Please refer to our security best practices https://t.co/MlAUlgoqj9 pic.twitter.com/Qzr3o4xaOq — Ledger (@Ledger) April 25, 2019
In a follow-up, Ledger noted that the malware is only infecting Windows machines and appears to be “highly targeted,” as so far only one instance on one computer has been detected. Per the French startup, the malware can’t affect Ledger wallets or steal users’ funds through it unless they are tricked into entering their recovery phrase, something they shouldn’t do.
The firm added that hardware wallets are designed to “protect crypto assets against this kind of attacks,” and that to mitigate this type of attack “education of users is paramount.” Notably, the malware was found around the time it was revealed that Ledger had received a $2.9 million investment from South Korean tech giant Samsung.
The move gave the company, which in 2018 received a Startup of the Year award from Ernst & Young (EY) for the Ile-de-France region, a valuation of roughly $290 million and followed a Series A funding round in 2017 where it raised $7 million, and a Series B funding round from last year where it raised $75 million.