Apps impersonating the widely used hardware-based cryptocurrency wallet Ledger have been harnessed to compromise macOS users' wallet seed phrases, BleepingComputer reports.
While initial attacks part of the campaign that commenced in August only involved apps allowing limited cryptowallet compromise, successful intrusions by the threat actor "Rodrigo" integrating the novel Odyssey macOS stealer within a bogus Ledger Live app to enable more extensive data exfiltration have since led to similar attacks with the Atomic macOS Stealer, or AMOS, according to findings from Moonlock Lab researchers. Most recent of the said intrusions entailed the stealthy deployment of a trojanized Ledger Live app with Rodrigo's phishing screens that sought to obtain 24-word seed phrases for cryptocurrency asset theft. Such a development follows a Jamf report detailing another phishing campaign exploiting the Ledger app to pilfer seed phrases, hot wallet configurations, browser information, and system details. Users have been urged to download Ledger Live only from its official website to prevent crypto theft.
While initial attacks part of the campaign that commenced in August only involved apps allowing limited cryptowallet compromise, successful intrusions by the threat actor "Rodrigo" integrating the novel Odyssey macOS stealer within a bogus Ledger Live app to enable more extensive data exfiltration have since led to similar attacks with the Atomic macOS Stealer, or AMOS, according to findings from Moonlock Lab researchers. Most recent of the said intrusions entailed the stealthy deployment of a trojanized Ledger Live app with Rodrigo's phishing screens that sought to obtain 24-word seed phrases for cryptocurrency asset theft. Such a development follows a Jamf report detailing another phishing campaign exploiting the Ledger app to pilfer seed phrases, hot wallet configurations, browser information, and system details. Users have been urged to download Ledger Live only from its official website to prevent crypto theft.