Topic: Ledger Live fake Chrome extensions (Read 366 times)

legendary
Activity: 3234
Merit: 5637
April 02, 2020, 09:32:24 AM
#19
People do stupid things, especially if they are infected with a virus (like the woman from the Reddit post), who is completely unaware of the situation with the Ledger Chrome App. Not using Nano S from 2018 and not checking what is new, or making a newbie mistake and typing seed words in an app? So how many times should it be repeated that these words should not be entered anywhere except in the device itself?

Human stupidity is endless, this is just another example - but 14 000 XRP is just $2400 which is a tolerable loss, of course, depending on where you live.
legendary
Activity: 2576
Merit: 1655
April 02, 2020, 05:58:21 AM
#18
I'm sad to hear that someone fell for this trick, and it involved huge money. And especially in the crisis that we are in right now, you can't help but feel emotional for those who lost their hard-earned money to those scammers. So I do hope that with this kind of warning from the community, no one here will be another statistic in the growing list of victims.
hero member
Activity: 2632
Merit: 833
April 01, 2020, 11:52:26 PM
#17
I'm just re-opening the thread because hackers are not yet done. The sad part is, someone has fallen victim.

Quote
I have watched our xrp transfer from our account to an account that is currently holding over $2.5 million in xrp. This is clearly a large operation. Details below:

Use to see: https://xrpcharts.ripple.com/#/graph

Our account: rfSYXEwYre349J3tBUhPvcawU5F2EGVN9a
The account that stole our xrp: r9sGt5vtxFcSfK2xwX3HxAMWTPTHo1ZLEg
The whale it was transferred to: rwpMvfxoodXggJ1g4qv6MWAPQqWDwQyHUW

The Chrome app is no longer live. I have however seen it re-uploaded this morning and have reported it. If you do a search for Ledger in the Chrome Store tomorrow morning I am sure you will see it there. Original links to said app:

https://chrome.google.com/webstore/detail/ledger-wallet/pbilbjpkfbfbackdcejdmhdfgeldakkn?utm_source=chrome-ntp-icon

https://chrome.google.com/webstore/detail/ledger-live/opmelhjohnmenjibglddlpmbpbocohck/related?utm_source=chrome-ntp-icon

https://www.reddit.com/r/CryptoCurrency/comments/fqjyy3/please_beware_14000_xrp_stolen_from_ledger/
hero member
Activity: 2632
Merit: 833
March 28, 2020, 08:02:58 PM
#16
It looks like all of the reported malicious extensions have been taken off-line already.

Thanks to those who have reported it. I'm locking this thread now, will re-open if there are new releases of Ledger Live fake extensions.
hero member
Activity: 2632
Merit: 833
March 26, 2020, 01:18:35 PM
#15
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?

No, the extension doesn't have a clipboard malware.

I did open up the loader.js and found out that once you type your seed it will be posted to

Code:
https://ledger.productions/api_v1/

here is the snippet of the code,


@asu, @kotajikikox - thanks for the contribution, added them up.
full member
Activity: 2590
Merit: 228
March 26, 2020, 07:50:56 AM
#14

I found a new one,

Code:
https://chrome.google.com/webstore/detail/ledger/afephhbbcdlgdehhddfnehfndnkfbgnm
legendary
Activity: 1134
Merit: 1599
March 25, 2020, 04:38:13 AM
#13
They probably don't give a F cause they get revenue by selling ads, one should never click on ads anyway.

They would give a fuck if it was about any other type of scam but crypto. They made these ads look so similar to the search results that I sometimes click on the ads instead of the results without meaning to, but now I've moved away from Google. Fuck them, if they don't want to take action against crypto scams and they'd rather help the scammers make other new victims then I'd rather not use their services. Feels safer to use DuckDuckGo and completely free (as in freedom) software on your computer anyway.
legendary
Activity: 2170
Merit: 1789
March 24, 2020, 10:52:13 PM
#12
Ad blockers like adblock or adblock plus do not really block google ads,

Can vouch for this. Even if you turn off allow acceptable ads, some Google ads in the search area will still show up.

Well, being cautious is always the best protection. Never depend too much on tools and use common sense to filter out the bad guys.
hero member
Activity: 2520
Merit: 952
March 24, 2020, 10:43:19 PM
#11
Haha, and months ago when I tried telling someone that Google is still not taking the advertisement check seriously before they let advertisers publish an ad, I was met with "they actually do!". They don't do shit.

They probably don't give a F cause they get revenue by selling ads, one should never click on ads anyway.

full member
Activity: 1176
Merit: 162
March 24, 2020, 07:45:45 AM
#10
Another reason to move away from Google, especially Chrome and start to use Firefox or any other browser. Firefox + AdBlock will completely protect you from such attempts, and with a little common sense from everything else.
I agree that Firefox is a better choice than Chrome, but I'm not sure that it would protect from such scam attempts.
I'm away from PC now, so I can't check, but I think that these ads on Google search results are still shown even with adblock.
Though, the Firefox addon store is better than Chrome's, because before an addon is uploaded, it has to be verified by Firefox. We rarely hear about dangerous addons on Firefox.
Ad blockers like adblock or adblock plus do not really block google ads, I have tested it before, but some recommended to me that uBlock Origin is much better; it will completely block them, just like Lucius said. I guess if chrome removes ad blockers from extensions they will lose a lot of users. If that happens I plan to shift to brave browser; I heard they have built-in blockers but I didn't test it on PC yet.
legendary
Activity: 3234
Merit: 5637
March 24, 2020, 06:35:31 AM
#9
I'm away from PC now, so I can't check, but I think that these ads on Google search results are still shown even with adblock.

With keywords "Ledger Live" I get 6 blocked sites (uBlock) and official Ledger site on top (using Firefox+Google search). So I'm sure the thing works, and that AdBlock has a key role to play for anyone who's used to searching the Internet that way. Of course, this does not suit Google, who sell their ads by serving them at the top of search results, but given that they do not have effective verification mechanisms, there is nothing to do but block them and surf in a much safer way.

As far as I can remember, Google plans to disable AdBlock in Chrome, which is one more reason to find an alternative browser.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
March 23, 2020, 10:51:31 PM
#8
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?

I'm going to bet that it's this one as per usual. Doing social engineering attacks is simply the simplest and probably the most effective, compared to going the malware/virus route whereas it could be a hit or miss.
legendary
Activity: 3262
Merit: 1376
Slava Ukraini!
March 23, 2020, 03:41:11 PM
#7
Another reason to move away from Google, especially Chrome and start to use Firefox or any other browser. Firefox + AdBlock will completely protect you from such attempts, and with a little common sense from everything else.
I agree that Firefox is a better choice than Chrome, but I'm not sure that it would protect from such scam attempts.
I'm away from PC now, so I can't check, but I think that these ads on Google search results are still shown even with adblock.
Though, the Firefox addon store is better than Chrome's, because before an addon is uploaded, it has to be verified by Firefox. We rarely hear about dangerous addons on Firefox.
asu
legendary
Activity: 1302
Merit: 1136
March 23, 2020, 07:21:43 AM
#6
OP, here is another new one.
Code:
https://chrome.google.com/webstore/detail/ledger-live/lioleonlclpcopelljclgccbojefmeaj

Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?

By looking at the said Overview - It's most likely like that. Don't install it, newbies!
Quote
Using Ledger Live extension you can safely check your balance, send and receive up to 23 different coins and ERC-20 tokens through one single extension. Check your balance in real-time.
legendary
Activity: 3234
Merit: 5637
March 23, 2020, 06:32:20 AM
#5
Another reason to move away from Google, especially Chrome and start to use Firefox or any other browser. Firefox + AdBlock will completely protect you from such attempts, and with a little common sense from everything else.

Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
legendary
Activity: 1134
Merit: 1599
March 23, 2020, 05:36:48 AM
#4
Haha, and months ago when I tried telling someone that Google is still not taking the advertisement check seriously before they let advertisers publish an ad, I was met with "they actually do!". They don't do shit.

Guess we have to get used to these. Looks as if Google wants to intentionally let crypto scams live on the web's first sight. Remember when Twitter was absolutely entirely spammed with crypto scams? Why did it take so long for them to take action?

I sometimes get fake exchange domains when I look up one (e.g. I get ".com" instead of ".org").. but yeah, sometimes adblocking saves a lot of your time.

Tip for newcomers: always check multiple times through OFFICIAL websites whether what you're downloading is a legit source or not. Even if you have adblock - that doesn't make all scams vanish away. Better check 5 times and be safe than be lazy and have your data and money stolen.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
March 23, 2020, 04:36:27 AM
#3
Besides reporting the Ad, we can also report the Chrome extension itself on the extension’s webpage (on the right hand side of the screen we’ll find a section called "Additional Information", and the first entry within, "Report Abuse" leads you here: https://chrome.google.com/webstore/report/pedoikjokpjgkpmideineekfbclpnfjg?hl=en-US&gl=UA).

Actually, if we click "Related" on the extension webpage, we’ll see like 5 more entries created this month that are similar in nature (probably the same malware product registered multiple times under different names).
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
March 23, 2020, 01:18:10 AM
#2
Fake Ledger Live listed on official Chrome Web Store again,

We can't really expect things like this to go away any time soon. The Google ads platform is simply easily exploitable.

Anyway, I suggest everyone spend a few extra minutes to report this ad: https://support.google.com/google-ads/contact/vio_other_aw_policy

Also, use an ad blocker.
hero member
Activity: 2632
Merit: 833
March 23, 2020, 01:06:33 AM
#1
Fake Ledger Live listed on official Chrome Web Store again, and the sad part is that you can use the search term "Ledger Live" in Google and the first thing that will pop up is this malicious chrome extension, through Google Ads.

Actual images in Chrome Web Store

Extensions:

Code:
https://chrome.google.com/webstore/detail/ledger-live/pedoikjokpjgkpmideineekfbclpnfjg
- offline
Code:
https://chrome.google.com/webstore/detail/ledger-live/bhkcgfbaokmhglgipbppoobmoblcomhh
- offline
Code:
https://chrome.google.com/webstore/detail/ledger-live/dehindejipifeaikcgbkdijgkbjliojc
- offline
Code:
https://chrome.google.com/webstore/detail/ledger-live/lfaahmcgahoalphllknbfcckggddoffj
- offline
Code:
https://chrome.google.com/webstore/detail/ledger-wallet/pbilbjpkfbfbackdcejdmhdfgeldakkn
- offline
Code:
https://chrome.google.com/webstore/detail/ledger-live/lioleonlclpcopelljclgccbojefmeaj
- offline
Code:
https://chrome.google.com/webstore/detail/ledger/afephhbbcdlgdehhddfnehfndnkfbgnm
- offline
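
A defensive check built from the indicators in this thread, as an added example that is not part of any post: it scans a Chrome profile's Extensions directory (Chrome's `<extension id>/<version>/` layout) for the reported extension IDs and for scripts that reference the host named in post #15, which also catches a re-upload under a new ID. The function names and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Extension IDs taken from the Chrome Web Store URLs posted in this thread.
REPORTED_IDS = {
    "pedoikjokpjgkpmideineekfbclpnfjg", "bhkcgfbaokmhglgipbppoobmoblcomhh",
    "dehindejipifeaikcgbkdijgkbjliojc", "lfaahmcgahoalphllknbfcckggddoffj",
    "pbilbjpkfbfbackdcejdmhdfgeldakkn", "lioleonlclpcopelljclgccbojefmeaj",
    "afephhbbcdlgdehhddfnehfndnkfbgnm", "opmelhjohnmenjibglddlpmbpbocohck",
}
# Host that loader.js sent typed seed words to, per post #15.
EXFIL_HOST = "ledger.productions"

def scan_extensions(ext_root):
    """Map extension ID -> list of reasons it is suspicious."""
    findings = {}
    for ext_dir in sorted(Path(ext_root).iterdir()):
        if not ext_dir.is_dir():
            continue
        reasons = []
        if ext_dir.name in REPORTED_IDS:
            reasons.append("id reported in thread")
        for js in sorted(ext_dir.rglob("*.js")):
            # Undecodable bytes are ignored so one odd file does not abort the scan.
            if js.is_file() and EXFIL_HOST in js.read_text(errors="ignore"):
                reasons.append(f"{js.name} references {EXFIL_HOST}")
        if reasons:
            findings[ext_dir.name] = reasons
    return findings

def build_sample(root):
    """Constructed tree: a reported ID, an unlisted re-upload, a clean extension."""
    files = {
        "pedoikjokpjgkpmideineekfbclpnfjg/1.0_0/manifest.json": "{}",
        "a" * 32 + "/1.0_0/loader.js": 'var api = "https://ledger.productions/api_v1/";',
        "b" * 32 + "/2.1_0/background.js": 'console.log("clean");',
    }
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for ext_id, reasons in scan_extensions(tmp).items():
            print(ext_id, "->", "; ".join(reasons))
```

To check a real profile, pass its Extensions directory to `scan_extensions`, for example `~/.config/google-chrome/Default/Extensions` on Linux.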
