On its Twitter account, Ledger warned users that malware was locally replacing the Ledger Live desktop application with a malicious one, and advised them to follow the security guidelines published on the company’s blog. The announcement on Twitter reads:
WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update. Please refer to our security best practices https://t.co/MlAUlgoqj9 pic.twitter.com/Qzr3o4xaOq
— Ledger (@Ledger) April 25, 2019
In the comments to the post, Ledger representatives reported that the malware infects only Windows devices, and that so far the company has detected only one compromised device. The company also noted that the malware cannot compromise users’ computers or cryptocurrency; it is only a phishing attack that attempts to get users to enter their 24-word recovery phrase.
Ledger also reported that the malware is not distributed through its website or server, but that the company has not yet discovered the infection method.
In November 2018, the research team behind the hacking project Wallet.fail demonstrated at the 35C3 Refreshing Memories conference how they had hacked the Trezor One, Ledger Nano S and Ledger Blue. Both hardware wallet manufacturers acknowledged the vulnerabilities that were found: Trezor responded that a firmware update would eliminate them, while Ledger said that they were not critical to its wallets.
In addition, in March of this year, Ledger published vulnerabilities in the hardware wallets of Trezor, its main competitor.