Cybercriminals have launched a new phishing campaign targeting Ledger wallet users that uses fake data breach notifications to steal their cryptocurrency.
Ledger makes physical cryptocurrency wallets that allow users to store, manage and sell cryptocurrencies such as bitcoin. The funds stored in the company's wallets are secured using a 24-word recovery phrase, though its devices also support the 12, 18, or 24-word recovery phrases used by other cryptocurrency wallets. As a wallet's recovery phrase can be used to access a user's funds, it must be kept offline and never shared with others to prevent cryptocurrency from being stolen.
Back in July of this year, Ledger suffered a data breach when a vulnerability in the company's website allowed cybercriminals to access customers' contact details. At the time, the company emailed the 9,500 customers who were affected with more information about the attack.
Beginning in October, cybercriminals started sending out fake emails to users regarding a new Ledger data breach. These emails told users affected by the breach to install the latest version of Ledger Live, saying:
“We regret to inform you that we have been alerted of a data breach affecting confidential data belonging to approximately 115,000 of our customers, which includes personal information, PIN-encrypted private and public keys, as well as the amount of each cryptocurrency stored inside the wallet.”
Fake data breach notifications
This new phishing campaign is quite clever as it plays on the fears of Ledger users who received an email just a few months ago informing them of an actual data breach. The fake data breach notification emails also use Punycode characters to impersonate the company's website using either accented or Cyrillic characters. This means that users may think they're visiting ledger.com when they're actually clicking on a link to https://ledģėr[.]com.
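As an added example (not code from Ledger or from the original article), the following Python shows how a mail filter could flag link hosts that imitate ledger.com with accented or Cyrillic characters, whether they arrive as Unicode or as `xn--` Punycode. The function names, the short Cyrillic look-alike table and the sample message are assumptions made for illustration.

```python
import re
import unicodedata

PROTECTED = {"ledger.com"}  # brand domain named in the article

# Constructed, deliberately small table of Cyrillic letters that resemble Latin
# ones; a production filter would use the full Unicode confusables data.
CYRILLIC_TWINS = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
})
URL_HOST = re.compile(r"https?://([^\s/:\"'<>]+)", re.IGNORECASE)


def to_unicode(host):
    """Decode xn-- (Punycode) labels so the host is inspected as Unicode."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # keep an undecodable label unchanged
        labels.append(label)
    return ".".join(labels)


def skeleton(host):
    """Fold look-alikes to ASCII: map Cyrillic twins, then strip diacritics."""
    folded = unicodedata.normalize("NFKD", to_unicode(host).translate(CYRILLIC_TWINS))
    return "".join(c for c in folded if not unicodedata.combining(c))


def _is_protected(name):
    return any(name == d or name.endswith("." + d) for d in PROTECTED)


def classify(host):
    """Return 'genuine', 'homograph' (imitates a protected domain) or 'other'."""
    if _is_protected(to_unicode(host)):
        return "genuine"
    return "homograph" if _is_protected(skeleton(host)) else "other"


def scan(text):
    """Classify every link host in a message; '[.]' defanging is undone first."""
    return [(h, classify(h)) for h in URL_HOST.findall(text.replace("[.]", "."))]


# Constructed sample message; \u0123 and \u0117 are the accented g and e from the article.
SAMPLE = ("Update at https://led\u0123\u0117r[.]com/live or see "
          "https://www.ledger.com/phishing and https://example.org/")

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE):
        print(f"{verdict:10} {host}")
```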
After visiting the fake site, users are prompted to download the Ledger Live app for either mobile or desktop. The links to the mobile versions of the app are genuine, but the link to the desktop version downloads a fake Ledger Live application that's designed to be almost identical to the official version.
When a user clicks on the “Restore devices from Recovery phrase” option in the fake app, they're prompted to enter their recovery phrase, which is then sent back to a domain controlled by the attackers. The fake app also asks users for their secret passphrase, and with both in hand, the attackers can gain full access to a user's wallet and steal all of their cryptocurrency.
To avoid falling victim to this new phishing campaign, Ledger users should be extra careful when checking their email and avoid clicking on links to Ledger.com in any emails that do end up in their inboxes. Ledger plans on publishing a phishing status page next week to provide its users with more information on these ongoing attacks.