A virus

was detected in the Ledger Live application for hardware wallets Ledger

The developers of Ledger hardware cryptographs reported detecting a malicious program that infects a computer on Windows, replaces the desktop version of Ledger Live and requires the user to enter its 24-password recovery password.

The company assured that Ledger cryptographs have sufficient protection against such phishing attacks, and cryptoactive assets are safe – until their holders tell their password to hackers.

In order to avoid such an error, the owners of cryptographic wallets were recommended never to enter the recovery password on a computer, smartphone, or other devices connected to the Internet.

Replacing the malicious desktop software by a malicious one. 24-word recovery phrases. Please refer to our security best practices https://t.co/MlAUlgoqj9 pic.twitter.com/Qzr3o4xaOq

– Ledger (@Ledger) April 25, 2019

Since the malware was detected on one computer, Ledger experts did not have reason to believe that users of mobile applications are also under the threat of a phishing attack.

Recall that last month the Ledger Nano S hardware cryptographic client received the first level of a security certificate (CPSN) from the National Security Agency of Information Systems (ANSSI).

However, errors were noted earlier in the device: in 2018, a 15-year-old teenager from the UK discovered the vulnerability in it, later the firmware update unintentionally reduced his internal memory, and other violations appeared in conjunction with the Monero 0.14 client.

Publication date 27/04/2019
Share this material on social networks and leave your opinion in the comments below.