Bitcoin Forum>Other>Beginners & Help
Author

Topic: {Warning}: Phishing attempt Ledger Nano S/X (Read 190 times)

Jating
hero member
Activity: 2842
Merit: 772
{Warning}: Phishing attempt Ledger Nano S/X
October 27, 2019, 06:03:48 AM
#5
Quote from: hugeblack on October 26, 2019, 08:38:48 AM
Quote from: Baofeng on October 25, 2019, 08:03:22 PM
Please do not download that executable. It contains malicious code, so please be very very careful
In short, be careful before you download any program or give permission to any program. some programs, although reliable, but weak protection, allowing scammers to exploit the vulnerabilities in some versions to attack them your legal wallet.
If there are any problems related to the wallet, check the authenticity of the news from the official website and then search or ask here before downloading any application.

It seems that the scammers have switched from attacking desktop wallets (electrum) to hardware wallets.
Or scammers simply looking for every chance they got in this crypto sphere.

Trezor has been attacked too, so it's just a matter of time because scammers will go for another exploit here, (whether Electrum or desktop or hardware wallets) as long as they know that people are going to easily fall for it, those bad actors are going to exploit it.

@GSpgh - the danger is downloading the said apps and believing that the email come from Ledger themselves.
hugeblack
legendary
Activity: 2702
Merit: 4002
Re: {Warning}: Phishing attempt Ledger Nano S/X
October 26, 2019, 08:38:48 AM
#4
Quote from: Baofeng on October 25, 2019, 08:03:22 PM
Please do not download that executable. It contains malicious code, so please be very very careful
In short, be careful before you download any program or give permission to any program. some programs, although reliable, but weak protection, allowing scammers to exploit the vulnerabilities in some versions to attack them your legal wallet.
If there are any problems related to the wallet, check the authenticity of the news from the official website and then search or ask here before downloading any application.

It seems that the scammers have switched from attacking desktop wallets (electrum) to hardware wallets.
DdmrDdmr
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Re: {Warning}: Phishing attempt Ledger Nano S/X
October 26, 2019, 05:24:22 AM
#3
Actually, @thefuzzstone has tweeted about it today, and posted it on Redddit (see https://www.reddit.com/r/CryptoCurrency/comments/dnb5lz/ledger_users_dont_be_fooled_by_phishing). On the provided link you can see the original email format.

What the .exe most likely does is what prior versions have done: draw you into typing your 24 word recovery phrase in order to restore your device to an alleged working state (see general ledger warnings on the topic https://support.ledger.com/hc/en-us/articles/360035343054-Beware-of-phishing-attempts).
GSpgh
sr. member
Activity: 532
Merit: 302
Re: {Warning}: Phishing attempt Ledger Nano S/X
October 25, 2019, 08:14:17 PM
#2
I wonder what the actual danger is? Can the malware somehow bypass the PIN? I don't think so.

When I got my ledger the "apps" kind of worried me but its just an unfortunate name really, those apps are not like phone apps or anything, and cant have backdoors, can they?
Baofeng
legendary
Activity: 2576
Merit: 1655
Re: {Warning}: Phishing attempt Ledger Nano S/X
October 25, 2019, 08:03:22 PM
#1
It was reported that another rounds of phishing email with regards to the so called security vulnerability of Ledger Nano has been spreading in the wild.

So, if you received such email below:

Quote
Legder - Wrong spelling

SECURITY VULNERABILITY

IMPORTANT: Ledger Nano S and Ledger Nano X SECURE RNG CHIP
CRITICAL VULNERABILITY

Inside Ledger hardware wallet, we use the Secure Element
chip to generate and store the private keys for your crypto
assets. Unfortunately, some chips, a limited number, were
found to be defective by the external company commissioned
by Ledger for the production. The problem identified
concerns the lack of a correct source of entropy for use by
the random number generator may lead to the generation of
predictable sequences of numbers and therefore of private
keys by malicious users.

Ledger is actively working on the problem to replace all
defective devices. Please check now if your device is
defective with the Ledger SE tool.

We apologize for the inconvenience.


This mail was sent to you because your Ledger device could
be faulty.

Please download the Ledger SE Cecker tool below and check
right now!

Please do not download that executable. It is contains malicious code, so please be very very careful

Code:
PHISING - Ledger SE.exe



https://www.virustotal.com/gui/file/ec61d516b476ea8ecd688364a25135a07b3fd5cf4536dc33ea58c1a5ecb8b1f8/detection
Bitcoin Forum>Other>Beginners & Help
Jump to: