Fake Google Chrome extension made it possible to steal funds from a popular hardware wallet

Ledger, the manufacturer of a hardware wallet for cryptocurrency, has warned its users about another phishing attack aimed at stealing their funds, this time using a Google Chrome extension.

Fake Google Chrome extension

In a tweet on March 5, the company warned that hackers are using a fake Google Chrome browser extension to steal users' crypto.

The criminals' activity was reported on March 4 by Catalin Cimpanu, a journalist on the cybersecurity desk of ZDNet, a website dedicated to business technology. According to him, the malicious Google Chrome extension was discovered by Harry Denley, director of security at the MyCrypto platform.

The malicious browser extension is called Ledger Live. It imitates the real mobile and desktop application of the same name, which allows hardware wallet users to approve transactions by “synchronizing the hardware wallet with the trusted device”. The fake Ledger Live extension has since been removed from the Chrome Web Store. According to the media, it had been downloaded at least 120 times.

According to ZDNet, the malicious extension tried to mislead users by posing as the Chrome version of the original Ledger Live application, which allows you to check balances and validate cryptocurrency transactions. Users were prompted to install the extension and connect their Ledger wallet to it by entering the wallet's seed phrase, a backup phrase or keyword used to access their wallet.

Denley, who was the first to discover the phishing attack, ridiculed the malicious extension, saying that it makes no sense to install and use such an extension with a hardware wallet that is supposed to protect funds by storing the crypto offline. He admitted, however, that he wouldn’t be surprised if the malicious extension actually deceived many people, adding that “the big problem in the cryptocurrency area is teaching people that their private keys should stay offline”. The malicious extension could also mislead some users because it was advertised through the Google Ads online advertising platform, Denley reports.

Ledger’s reaction

In its warning, Ledger stressed that the platform never asks users for their recovery phrases. It added that users should never share their 24-word string.