Ledger, one of the largest crypto-coins in the world, used Twitter to warn its users about the danger of malware on Thursday (25). The virus replaces the Ledger Live desktop application with a fake version fooling the victims into putting their 24-word catch phrase.
So far, the threat seems to affect only Windows computers and only one device has been affected, according to company information, Blokt published on Friday (26).
The password request occurs after a fake update and Ledger warns that its users do not fall in the blow.
The virus does not compromise the user's crypto-coins and wallets, the company claims, it was designed to be a phishing attack. Therefore, it only works by stealing data that you insert into the malicious application.
According to Ledger, inserting the 24-word recovery password into a hardware wallet device presents no risk, as they are designed to protect cryptoactive against this type of attack.
Therefore, unless the user provides his password to the hackers, he is safe when accessing the wallet. However, Windows users should not do this for now.
In her tweet, the company has inserted a link to her security best practices manual, where she asks her users never to share her 24 word catch phrase.
Another important tip is that passwords should not be stored on a computer or smartphone, but written and kept in a safe place.
When noticing something similar to what has been described, users should contact Ledger immediately. The company promises to address the issue with extreme urgency, and advises users to adopt prevention methods to avoid becoming victims of the attack.
Company remains vulnerable
Researcher DocDoid published a vulnerability report regarding Ledger's portfolios in February 2018. The document alleges that due to a flaw, the company was prone to hacker attacks to infect portfolios with malicious software.
Later, Ledger acknowledged the problem in a tweet, but admitted he could not solve it, since malware can always change what people see on their computer screens.
The company said it is working to help users avoid such attacks. You also asked them to verify the receiving address on the device screen manually with the help of the "monitor" button available on the transaction request form.
Source: https://criptonizando.com/2019/04/26/le ... -palavras/
Forum rules
If you are posting news, press or any other related material that directly or in-directly benefits you, we request that you post a back-link to bitcoin.com by using a button, banner or text-link on your website. Thanks for supporting Bitcoin.com!
If you are posting news, press or any other related material that directly or in-directly benefits you, we request that you post a back-link to bitcoin.com by using a button, banner or text-link on your website. Thanks for supporting Bitcoin.com!
Who is online
Users browsing this forum: No registered users and 4 guests