The data breach hoax used to hijack cryptocurrency wallets

Cybercriminals have launched a new phishing campaign targeting Ledger wallet users that uses fake data breach notifications to steal their cryptocurrency. Ledger makes hardware cryptocurrency wallets that allow users to store, manage, and sell cryptocurrencies such as bitcoin. Funds stored in Ledger wallets are protected by a 24-word recovery phrase, although its devices also support the 12-, 18-, or 24-word recovery phrases used by other cryptocurrency wallets. Because the recovery phrase of a wallet can be used to access a user's funds, it should be stored offline and never shared with others to prevent cryptocurrency theft.

In July of this year, Ledger suffered a data breach when a vulnerability on the company's website allowed cybercriminals to access customer contact information. At that time, the company emailed the 9,500 affected customers with more information about the attack.

Starting in October, cybercriminals began sending fake emails to users about a new Ledger data breach. These emails ask users affected by the breach to install the latest version of Ledger Live, stating: "We regret to inform you that we have been alerted to a data breach affecting sensitive data belonging to approximately 115,000 of our customers, including personal information, private and public keys encrypted by PIN code, as well as the amount of each cryptocurrency stored in the wallet."

Fake data breach notifications

This new phishing campaign is effective because it plays on the fears of Ledger users who received an email a few months ago informing them of a real data breach. The fake data breach notification emails also use Punycode to impersonate the company's website with accented or Cyrillic characters, so users may think they are visiting ledger.com when they are actually clicking a link to https://ledģėrcom.

After visiting the fake site, users are prompted to download the Ledger Live app for mobile or desktop. The links to the mobile versions of the app are genuine, but the link to the desktop version downloads a fake Ledger Live app designed to look almost identical to the legitimate one. When a user clicks the "Restore devices from recovery phrase" option in the fake app, they are prompted to enter their recovery phrase, which is then sent to a domain controlled by the attackers. The fake app also asks users for their password, and with both in hand, the attackers gain full access to the user's wallet and can steal all of their cryptocurrency.

To avoid falling victim to this phishing campaign, Ledger users should be careful when checking their email and avoid clicking links to Ledger.com in messages that land in their inboxes. Ledger plans to publish a phishing status page next week to give its users more information about these ongoing attacks.

Via BleepingComputer
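The Punycode trick described above can be caught mechanically before a link is clicked: any hostname that contains non-ASCII letters becomes an `xn--` label when IDNA-encoded, and stripping accents and mapping common Cyrillic look-alikes to Latin letters reveals which legitimate domain it imitates. The following Python is an added example, not code from the article or from Ledger; the `LEGIT_HOSTS` allow-list, the small confusable map, and the sample URLs are constructed for the demonstration (the fake hostname is taken from the article's description).

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allow-list of genuine hostnames (hypothetical for this example).
LEGIT_HOSTS = {"ledger.com", "www.ledger.com"}

# A deliberately small map of Cyrillic letters that look like Latin ones.
# Real confusable tables (e.g. Unicode TR39) are far larger; this is illustrative.
CYRILLIC_LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
})


def skeleton(host: str) -> str:
    """Collapse a hostname to the Latin letters it visually resembles.

    NFKD splits accented letters into base letter + combining mark; dropping the
    marks turns the article's "ledģėr" into "ledger". Cyrillic look-alikes are
    then mapped to their Latin twins.
    """
    decomposed = unicodedata.normalize("NFKD", host.lower())
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return stripped.translate(CYRILLIC_LOOKALIKES)


def _alnum(s: str) -> str:
    """Keep only letters and digits so 'ledgercom' and 'ledger.com' compare equal."""
    return "".join(ch for ch in s if ch.isalnum())


def check_hostname(url: str) -> dict:
    """Classify the hostname in a URL as legitimate, a homograph, or unknown."""
    host = urlsplit(url).hostname or ""
    # IDNA encoding yields 'xn--' labels whenever non-ASCII characters are present.
    punycode = host.encode("idna").decode("ascii")
    is_idn = punycode != host

    skel = skeleton(host)
    lookalike_of = next(
        (legit for legit in LEGIT_HOSTS if _alnum(skel) == _alnum(legit)), None
    )

    if host in LEGIT_HOSTS:
        verdict = "legitimate"
    elif lookalike_of is not None:
        verdict = "homograph"
    else:
        verdict = "unknown"

    return {
        "host": host,
        "punycode": punycode,
        "is_idn": is_idn,
        "lookalike_of": lookalike_of,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed sample links: the genuine site, the accented fake from the
    # article, and a mixed-script variant with a Cyrillic 'е'.
    for link in ("https://ledger.com/", "https://ledģėrcom", "https://l\u0435dger.com"):
        print(check_hostname(link))
```

Mail gateways and browser extensions apply the same idea at scale: surface the `xn--` form to the user, or block a link outright when its skeleton collides with a protected brand domain but the hostname itself is not on the allow-list.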