Hardware cryptocurrency wallet manufacturer Ledger has detected malware targeting its desktop application, according to a tweet on April 25.
Ledger warned its users that the malware locally replaces the Ledger Live desktop app with a malicious one, and advised to follow security practices published on its blog. The company’s Twitter announcement specifically reads:
“WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update.”
In the comments to the post, Ledger revealed that the malware is infecting only Windows machines, although the company has reportedly detected only one affected device. Ledger further noted that the malware cannot compromise users’ computers or digital currency, but only represents a phishing attack in a bid to lure users to enter their 24-words recovery phrases.
Ledger also pointed out that the malicious software does not originate from its website or servers, however the company did not discover the infection method at the time.
Last December, the research team behind the dubbed “Wallet.fail” hacking project claimed that they were reportedly able to install any firmware on a Ledger Nano S. While the team used this vulnerability to play the game Snake on the device, one member of the team that found the exploit claimed:
“We can send malicious transactions to the ST31 [the secure chip] and even confirm it ourselves [via software,] or we can even go and show a different transaction [not the one that is actually being sent] on the screen.”
The team also demonstrated that they found a vulnerability in the Ledger Blue, the most expensive hardware wallet produced by the company, that comes with a color touchscreen. The signals are transported to the screen by an unusually long trace on the motherboard, the researcher explained, which is why it leaks those signals as radio waves.
When a USB cable is attached to the device, the aforementioned leaked signals purportedly get strong enough that they could be easily received from a distance of several meters.
Following the claim, Ledger claimed that the uncovered vulnerabilities in its hardware wallets are not critical. The reason Ledger said that the vulnerability was not critical is that “they did not succeed to extract any seed nor PIN on a stolen device” and “sensitive assets stored on the Secure Element remain secure.”