People do stupid things, especially if they are infected with a virus (like the woman from the Reddit post), which is completely unaware of the situation with the Ledger Chrome App. Not using Nano S from 2018 and not check what is new, or making a newbie mistake and type seed words in app? So how many times should it be repeated that these words should be not entered anywhere except in the device itself?
Human stupidity is endless, this is just another example - but 14 000 XRP is just $2400 which is a tolerable loss, of course, depending on where you live.
Topic: Ledger Live fake Chrome extensions (Read 333 times)
I'm sad to hear that someone falls for this trick, and it involved huge money. And especially in the crisis that we are in right now, you can't help but feel emotional to those who lost their hard earn money from those scammers. So I do hope that with this kind of warning from the community, no one here will be another statistics in the growing list of victims.
I'm just re-opening the thread because hackers are not yet done. The sad part is, somewhat has fallen victims.
https://www.reddit.com/r/CryptoCurrency/comments/fqjyy3/please_beware_14000_xrp_stolen_from_ledger/
Quote
I have watched our xrp transfer from our account to an account that is currently holding over $2.5 million in xrp. This is clearly a large operation. Details below:
Use to see: https://xrpcharts.ripple.com/#/graph
Our account: rfSYXEwYre349J3tBUhPvcawU5F2EGVN9a
The account that stole our xrp: r9sGt5vtxFcSfK2xwX3HxAMWTPTHo1ZLEg
The whale it was transferred to: rwpMvfxoodXggJ1g4qv6MWAPQqWDwQyHUW
The Chrome app is no longer live. I have however seen it re-uploaded this morning and have reported it. If you do a search for Ledger in the Chrome Store tomorrow morning I am sure you will see it there. Original links to said app:
https://chrome.google.com/webstore/detail/ledger-wallet/pbilbjpkfbfbackdcejdmhdfgeldakkn?utm_source=chrome-ntp-icon
https://chrome.google.com/webstore/detail/ledger-live/opmelhjohnmenjibglddlpmbpbocohck/related?utm_source=chrome-ntp-icon
Use to see: https://xrpcharts.ripple.com/#/graph
Our account: rfSYXEwYre349J3tBUhPvcawU5F2EGVN9a
The account that stole our xrp: r9sGt5vtxFcSfK2xwX3HxAMWTPTHo1ZLEg
The whale it was transferred to: rwpMvfxoodXggJ1g4qv6MWAPQqWDwQyHUW
The Chrome app is no longer live. I have however seen it re-uploaded this morning and have reported it. If you do a search for Ledger in the Chrome Store tomorrow morning I am sure you will see it there. Original links to said app:
https://chrome.google.com/webstore/detail/ledger-wallet/pbilbjpkfbfbackdcejdmhdfgeldakkn?utm_source=chrome-ntp-icon
https://chrome.google.com/webstore/detail/ledger-live/opmelhjohnmenjibglddlpmbpbocohck/related?utm_source=chrome-ntp-icon
https://www.reddit.com/r/CryptoCurrency/comments/fqjyy3/please_beware_14000_xrp_stolen_from_ledger/
It looks like all of the reported malicious extensions have been taken off-line already.
Thanks to those who have reported it. I'm locking this thread now, will re-open if there are new releases of Ledger Live fake extensions.
Thanks to those who have reported it. I'm locking this thread now, will re-open if there are new releases of Ledger Live fake extensions.
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
No, the extension doesn't have a clipboard malware.
I did open up the loader.js and found out that once you type your seed it will be posted to
Code:
https://ledger.productions/api_v1/
here is the snippet of the code,
@asu, @kotajikikox - thanks for the contribution, added them up.
I found a new one,
Code:
https://chrome.google.com/webstore/detail/ledger/afephhbbcdlgdehhddfnehfndnkfbgnm
They probably don't give a F cause they get revenue by selling ads, one should never click on ads anyway.
They would give a fuck if it was about other type of scams but crypto. They made these ads look so similar to the search results I sometimes click on the ads instead of the results without willing to, but now I've moved away from Google. Fuck them, if they don't want to take action against crypto scams and they'd rather help the scammers make other new victims then I'd rather not use their services. Feels safer to use DuckDuckGo and completely free (as in freedom) software on your computer anyway.
Ad blockers like adblock or adblock plus do not really block google ads,
Can vouch for this. Even if you turn off allow acceptable ads, some Google ads in the search area will still show up.
Well, being cautious is always the best protection. Never depends too much on tools and use common sense to filter out the bad guys.
Haha, and months ago when I tried telling someone that Google is still not taking the advertisement check seriously before they let advertisers publish an ad, I was met with "they actually do!". They don't do shit.
They probably don't give a F cause they get revenue by selling ads, one should never click on ads anyway.
Another reason to move away from Google, especially Chrome and start to use Firefox or any other browser. Firefox + AdBlock will completely protect you from such attempts, and with a little common sense from everything else.
I agree that Firefox is better choice than Chrome, but I'm not sure that it would protect from such scam attempts.I'm away from PC now, so I can't check, but I think that these ads on Google search results are still shown even with adblock.
Though, Firefox addon store is better than Chrome, because before uploading addon, it have to be verified by Firefox. We rarely can hear about dangerous addons on Firefox.
I'm away from PC now, so I can't check, but I think that these ads on Google search results are still shown even with adblock.
With keywords "Ledger Live" I get 6 blocked sites (uBlock) and official Ledger site on top (using Firefox+Google search). So I'm sure the thing works, and that AdBlock has a key role to play for anyone who's used to searching the Internet that way. Of course, this does not fit Google who sells their ads by serving them at the top of search results, but given that they do not have effective verification mechanisms, there is nothing but to block them and surf in much safer way.
As far as I can remember, Google plans to disable AdBlock in Chrome, which is one more reason to find an alternative browser.
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
I'm going to bet that it's this one as per usual. Doing social engineering attacks is simply the simplest and probably the most effective, compared to going the malware/virus route whereas it could be a hit or miss.
Another reason to move away from Google, especially Chrome and start to use Firefox or any other browser. Firefox + AdBlock will completely protect you from such attempts, and with a little common sense from everything else.
I agree that Firefox is better choice than Chrome, but I'm not sure that it would protect from such scam attempts.I'm away from PC now, so I can't check, but I think that these ads on Google search results are still shown even with adblock.
Though, Firefox addon store is better than Chrome, because before uploading addon, it have to be verified by Firefox. We rarely can hear about dangerous addons on Firefox.
OP, here another new one.
By looking at the said Overview - It's most likely like that. Don't install it newbies!
Code:
https://chrome.google.com/webstore/detail/ledger-live/lioleonlclpcopelljclgccbojefmeaj
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
By looking at the said Overview - It's most likely like that. Don't install it newbies!
Quote
Using Ledger Live extension you can safely check your balance, send and receive up to 23 different coins and ERC-20 tokens through one single extension. Check your balance in real-time.
Another reason to move away from Google, especially Chrome and start to use Firefox or any other browser. Firefox + AdBlock will completely protect you from such attempts, and with a little common sense from everything else.
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
Haha, and months ago when I tried telling someone that Google is still not taking the advertisement check seriously before they let advertisers publish an ad, I was met with "they actually do!". They don't do shit.
Guess we have to get used to these. Looks as if Google wants to intentionally let crypto scams live on the web's first sight. Remember when Twitter was absolutely entirely spammed with crypto scams? Why did it take so long for them to take action?
I sometimes get fake exchange domains when I look up one (e.g. I get ".com" instead of ".org").. but yeah, sometimes adblocking saves a lot of your time.
Tip for newcomers: always check multiple times through OFFICIAL websites whether what you're downloading is a legit source or not. Even if you have adblock - that doesn't make all scams vanish away. Better check 5 times and be safe than be lazy and have your data and money stolen.
Guess we have to get used to these. Looks as if Google wants to intentionally let crypto scams live on the web's first sight. Remember when Twitter was absolutely entirely spammed with crypto scams? Why did it take so long for them to take action?
I sometimes get fake exchange domains when I look up one (e.g. I get ".com" instead of ".org").. but yeah, sometimes adblocking saves a lot of your time.
Tip for newcomers: always check multiple times through OFFICIAL websites whether what you're downloading is a legit source or not. Even if you have adblock - that doesn't make all scams vanish away. Better check 5 times and be safe than be lazy and have your data and money stolen.
Besides reporting the Ad, we can also report the Chrome extension itself on the extension’s webpage (on the right hand side of the screen we’ll find a section called "Additional Information", and the first entry within, "Report Abuse" leads you here: https://chrome.google.com/webstore/report/pedoikjokpjgkpmideineekfbclpnfjg?hl=en-US&gl=UA).
Actually, of we click "Related" on the extension webpage, we’ll see like 5 more entries created this month that are similar in nature (probably the same malware product registered multiple times under different names).
Actually, of we click "Related" on the extension webpage, we’ll see like 5 more entries created this month that are similar in nature (probably the same malware product registered multiple times under different names).
Fake Ledger Live listed on official Chrome Web Store again,
We can't really expect things like this to go away any time soon. The Google ads platform is simply easily exploitable.
Anyway, I suggest everyone to spend a few extra minutes to report this ad: https://support.google.com/google-ads/contact/vio_other_aw_policy
Also, use an ad blocker.
Fake Ledger Live listed on official Chrome Web Store again, and the sad part is that you can use the search term "Ledger Live" in Google and the first thing that will pop up is this malicious chrome extension, through Google Ads.
Extensions:
Actual images in Chrome Web Store
Extensions:
Code:
https://chrome.google.com/webstore/detail/ledger-live/pedoikjokpjgkpmideineekfbclpnfjg
- offlineCode:
https://chrome.google.com/webstore/detail/ledger-live/bhkcgfbaokmhglgipbppoobmoblcomhh
- offlineCode:
https://chrome.google.com/webstore/detail/ledger-live/dehindejipifeaikcgbkdijgkbjliojc
- offlneCode:
https://chrome.google.com/webstore/detail/ledger-live/lfaahmcgahoalphllknbfcckggddoffj
- offlineCode:
https://chrome.google.com/webstore/detail/ledger-wallet/pbilbjpkfbfbackdcejdmhdfgeldakkn
- offlineCode:
https://chrome.google.com/webstore/detail/ledger-live/lioleonlclpcopelljclgccbojefmeaj
- offlineCode:
https://chrome.google.com/webstore/detail/ledger/afephhbbcdlgdehhddfnehfndnkfbgnm
- offlineJump to: