Fake Google Chrome extension used to steal funds from a popular hardware wallet
Ledger, the manufacturer of a hardware wallet for cryptocurrency, has warned its users about another phishing attack aimed at stealing their funds, this time using a Google Chrome extension.
Fake Google Chrome extension
In a tweet on March 5, the company warned that hackers are using a fake Google Chrome browser extension to steal users' crypto:
Malicious Chrome extension caught stealing Ledger wallet recovery seeds
> Stolen Ledger seed phrases will allow attacker to recover Ledger wallet content on another device — gain access to the victim's cryptocurrency private keys https://t.co/0GqLzNhpSn pic.twitter.com/zCa8xVmUrx
— Catalin Cimpanu (@campuscodi) March 5, 2020
The criminals' activity was noticed on 4th March by Catalin Cimpanu, a cybersecurity journalist at ZDNet, a website dedicated to business technology. According to him, the malicious Google Chrome extension was discovered by Harry Denley, director of security at the MyCrypto platform.
The malicious browser extension is called Ledger Live. It mimics the real mobile and desktop application of the same name, which allows hardware wallet users to approve transactions by “synchronizing the hardware wallet with the trusted device”. The fake Ledger Live extension has since been removed from the Chrome Web Store. According to the media, it has been downloaded at least 120 times.
A fake Chrome extension has been found, asking to enter your 24-word recovery phrase
⚠️NEVER share your 24 words
⚠️NEVER enter your 24 words into any internet-connected device
⚠️Ledger will NEVER ask for your 24 words
— Ledger Support (@Ledger_Support) March 5, 2020
According to ZDNet, the malicious extension tried to mislead users by pretending to be the Chrome version of the original Ledger Live application, which allows users to check balances and validate cryptocurrency transactions. Users were prompted to install the extension and connect their Ledger wallet to it by entering the wallet's seed phrase, a backup phrase or keyword used to access the wallet.
Denley, who was the first to discover the phishing attack, ridiculed the malicious extension, saying that it makes no sense to install and use such an extension with a hardware wallet that is supposed to protect funds by storing the crypto offline. He admitted, however, that he wouldn’t be surprised if the malicious extension actually deceived many people, adding that “the big problem in the cryptocurrencies area is teaching people that their private keys should stay offline”. The malicious extension could also have misled some users because it was advertised through the Google Ads online advertising platform, Denley reports.
In its warning, Ledger stressed that it never asks users for their recovery phrases. It added that users should never share their 24-word string.