The malicious Ledger Live application is still available to users in the Chrome Web Store. So far, there have been at least 120 downloads of the extension from that website.
Last March 5th, the support team of the cryptocurrency cold wallet manufacturer Ledger confirmed that a malicious extension using its name exists in the Google Chrome application store. In a Twitter post, Ledger explained that there is an extension for Chrome called Ledger Live, the name of the application used to manage Ledger devices.
In the tweet, Ledger explained that the software asks users to enter the 24-word recovery phrase that gives access to their private keys. Ledger posted the message in response to a tweet that it had received the previous day. In that first message, the cybersecurity reporter Catalin Cimpanu warned users about the fraudulent application.
The Ledger team took advantage of the post to remind its users of the importance of not sharing their recovery phrase, as well as not entering those words on devices connected to the Internet. In the message, they highlighted that Ledger will never ask its users for their 24-word recovery phrase.
In an article that details how the malicious extension operates, Cimpanu explains that Harry Denley, Director of Security at the MyCrypto platform, was the person who reported the presence of the fake Ledger Live in the Chrome Store.
The same article indicates that, once the extension is downloaded and executed, it directly asks users to provide their 24-word phrases. The application then sends the data to a Google Forms form, from which the creator of the application can extract the information and gain access to the users' funds.
At the time of writing this article, users still search for the application in the Google Chrome store. Even though this application had been previously suspended, Cimpanu says that it registered at least 120 downloads. Unfortunately, the number of these downloads that resulted in the theft of funds is still unknown.
On Ledger’s official website, it is possible to see that the Ledger Live application is available in three ways. There is a desktop version, downloadable from the same portal, and two other versions available in mobile app stores for iOS and Android devices. Of course, there is no mention of the Google browser there.
Theft through Fake Browser Extensions
During the first week of February 2020, there was a report of another fake, malicious extension in the Google Chrome application store. Before the case of Ledger, the Coinomi team warned its users about a fake application using its name on that website.
On that occasion, the Coinomi team reported that this application had been stealing funds from its users. Even though they did not provide any details of the amounts stolen, they said that they had complained to Google so that it would suspend the application.
This is not the first time that fake applications have stolen cryptocurrency funds. It has already happened with Trezor, another manufacturer of cold wallets, as well as with the MetaMask and Exodus wallets. Fake applications associated with the cryptocurrency NEO and the stablecoin Tether have also been detected.
Companies like Google need to verify all the applications that are available on their websites. These reports on fake applications that affect cryptocurrency users should lead them to take action on the matter.
By Alexander Salazar