Cybercriminals are using fake Ledger Live apps to drain macOS users’ crypto through malware that steals seed phrases, a cybersecurity firm warns.
The malware replaces the legitimate Ledger Live app on victims’ devices and then prompts the user to input their seed phrase through a phony pop-up message, a team from Moonlock said in a May 22 report.
“Initially, attackers could use the clone to steal passwords, notes, and wallet details to get a glimpse of the wallet’s assets, but they had no way to extract the funds,” the Moonlock team said.
“Now, within a year, they have learned to steal seed phrases and empty the wallets of their victims,” it added.
One way the scammers replace the real Ledger Live app with a clone is through the Atomic macOS Stealer, designed to steal sensitive data, which Moonlock said it has found lurking on at