Hackers using fake Ledger Live app to steal seed phrases and drain crypto

Summary

Cybercriminals are deploying fake Ledger Live apps to steal cryptocurrency from macOS users, using malware that captures seed phrases. The malware replaces the legitimate Ledger Live app and prompts users to enter their seed phrase through a deceptive pop-up. Initially, the attackers could only access passwords and wallet details, but the malware has since evolved to extract seed phrases and drain wallets. The Atomic macOS Stealer is one tool used to replace the real app and has been found on over 2,800 compromised websites. The campaign has been active since August, with multiple campaigns ongoing. Posts on dark web forums indicate that the hackers are developing more advanced anti-Ledger features. Users are advised to treat any prompt requesting a seed phrase as suspicious and to download Ledger Live only from official sources.
