Ledger is a hardware cryptocurrency wallet that allows users to store, manage, and sell cryptocurrency. The funds stored in these wallets are secured using a 24-word pass phrase and it also supports 12-word or 18-word pass phrases that are used by other wallets. A new phishing scam is underway that is targeting Ledger wallet users with fake data breach notifications that are used to steal the contents of users’ wallets. In July of this year, Ledger suffered a data breach that leaked customer contact details. At the time of the breach, ledger stated that the affected 9,500 customers were provided with an email containing additional information on the attack. Beginning in October, Ledger users started receiving emails that falsely claim that a second data breach happened and that they should install the latest version of Ledger Live to secure their assets with a new pin code. The domains in the email use Punycode characters to make them look like the legitimate domain—one example is https://ledģėr.com. The fake site prompts the user to download the malicious program which, once installed on a desktop, will prompt the user to either ‘restore devices from recovery phrase’ or ‘don’t have a Ledger device.’ If a victim inputs their recovery phrase, it is sent back to the attacker so they can steal the contents of the wallet.
Analysts Notes: Ledger has not been the victim of a second breach so any emails concerning a secondary breach should be completely disregarded. If an email is received that asks the user to install Ledger Live, the user should not follow any embedded links and instead go to the legitimate Ledger site that can be found at www.ledger.com. Ledger has stated that they are going to be releasing information on this scam in the very near future.
Source Article: https://www.bleepingcomputer.com/news/security/fake-data-breach-alerts-used-to-steal-ledger-cryptocurrency-wallets/