Malware, Threat Intelligence

Novel macOS malware campaign involves fraudulent Ledger apps


Apps impersonating Ledger Live, the companion app for the widely used Ledger hardware cryptocurrency wallet, have been used to steal macOS users' wallet seed phrases, BleepingComputer reports.

The campaign began in August with apps that allowed only limited cryptowallet compromise, according to Moonlock Lab researchers. It escalated when a threat actor known as "Rodrigo" embedded the novel Odyssey macOS stealer in a bogus Ledger Live app, enabling far broader data exfiltration; those successful intrusions were followed by similar attacks using the Atomic macOS Stealer (AMOS). The most recent intrusions stealthily deployed a trojanized Ledger Live app carrying Rodrigo's phishing screens, which prompted victims for their 24-word seed phrases so the attackers could steal their cryptocurrency holdings. The findings follow a Jamf report on a separate phishing campaign that abused the Ledger app to steal seed phrases, hot wallet configurations, browser data and system details.

Users have been urged to download Ledger Live only from Ledger's official website. A hardware wallet's recovery phrase is only ever entered on the device itself, so any desktop app or web page that asks for it should be treated as a phishing prompt.
