Ledger is a hardware cryptocurrency wallet that allows users to store, manage, and sell cryptocurrency. The funds stored in these wallets are secured using a 24-word recovery phrase, and the device also supports the 12-word and 18-word recovery phrases used by other wallets. A new phishing scam is underway that targets Ledger wallet users with fake data breach notifications in order to steal the contents of their wallets.

In July of this year, Ledger suffered a data breach that leaked customer contact details. At the time of the breach, Ledger stated that the 9,500 affected customers had been sent an email with additional information about the attack. Beginning in October, Ledger users started receiving emails falsely claiming that a second data breach had occurred and that they should install the latest version of Ledger Live to secure their assets with a new PIN code. The domains in the emails use Punycode characters to make them look like the legitimate domain; one example is https://ledģėr.com. The fake site prompts the user to download a malicious program which, once installed on a desktop, asks the user to either ‘restore devices from recovery phrase’ or ‘don’t have a Ledger device.’ If a victim enters their recovery phrase, it is sent to the attacker, who can then steal the contents of the wallet.
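The lookalike domain in the example above works because the browser shows the Unicode letters while the resolver and certificate see the Punycode (xn--) form. The following Python script is an added illustration, not code from Binary Defense or Ledger, of how a mail gateway or URL-scanning job can flag such homograph domains: it converts the hostname to its Punycode form, reduces it to the plain-ASCII string it is designed to resemble (NFKD decomposition with combining marks dropped, plus a small constructed confusables map), and compares that skeleton against a list of protected brand domains. Only ledger.com comes from the article; the confusables table is a hand-picked illustrative subset, not the full Unicode confusables data.

```python
import unicodedata
from urllib.parse import urlsplit

# Brand domains to protect. ledger.com is the legitimate domain named in the
# article; in a real deployment this list would come from configuration.
PROTECTED_DOMAINS = {"ledger.com"}

# Constructed, illustrative subset of non-Latin letters that render almost
# identically to Latin ones. NFKD handles accented Latin letters (e.g. ģ -> g),
# but cross-script look-alikes such as Cyrillic е need an explicit mapping.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0455": "s",  # Cyrillic small dze
    "\u0456": "i",  # Cyrillic small Byelorussian-Ukrainian i
    "\u0261": "g",  # Latin small script g
    "\u0131": "i",  # Latin small dotless i
}


def punycode(hostname: str) -> str:
    """ASCII form of a hostname as DNS and TLS certificates see it (xn-- labels)."""
    return hostname.encode("idna").decode("ascii")


def skeleton(hostname: str) -> str:
    """Reduce a hostname to the ASCII string it is designed to look like:
    lowercase, decompose (NFKD), drop combining marks, map confusables."""
    decomposed = unicodedata.normalize("NFKD", hostname.lower())
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in stripped)


def classify_url(url: str) -> dict:
    """Return the hostname, its Punycode form, its skeleton and a verdict:
    'legitimate' (exact protected domain), 'homograph' (an IDN whose skeleton
    matches a protected domain or one of its subdomains) or 'other'."""
    host = urlsplit(url).hostname or ""
    ascii_host = punycode(host)
    skel = skeleton(host)
    is_idn = "xn--" in ascii_host
    impersonated = next(
        (d for d in PROTECTED_DOMAINS if skel == d or skel.endswith("." + d)),
        None,
    )
    if ascii_host in PROTECTED_DOMAINS:
        verdict = "legitimate"
    elif is_idn and impersonated:
        verdict = "homograph"
    else:
        verdict = "other"
    return {
        "host": host,
        "punycode": ascii_host,
        "skeleton": skel,
        "impersonates": impersonated if verdict == "homograph" else None,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # The article's example plus a constructed Cyrillic variant and the real domain.
    for u in ("https://ledģėr.com", "https://l\u0435dger.com/live", "https://ledger.com"):
        print(classify_url(u))
```

The skeleton check deliberately fires only when the hostname is an IDN (its Punycode form contains an xn-- label); a plain-ASCII typosquat is a different detection problem. Surfacing the Punycode form next to the verdict is useful in an alert, because that is the string an analyst will find in DNS logs and certificate transparency records.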
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense