Bitcoin Forum

Regarding this article: https://www.ledger.com/blog-ledger-connect-browser-extension-is-coming-soon-sign-up-for-the-beta where BROWSER EXTENSION IS COMING SOON, and that news is May 2022, because I need that extension and think today is January 2023 that maybe is launched, then i search it on google and found this:

https://iili.io/HaZJMXe.md.png (https://freeimage.host/i/HaZJMXe)

then, I installed it on my chrome browser, after installing it, I tried to connect my new ledger nano x to the extension,

https://iili.io/HaZd4t9.md.png (https://freeimage.host/i/HaZd4t9)

But what makes me worry to continue is, the picture below;

https://iili.io/HaZ2xoX.md.png (https://freeimage.host/i/HaZ2xoX)

Yes, I don't continue it, because i know it's 100% a scam, because I already connected to ledger nano x, but this site ask me again to input my 24 mnemonic seed into the website. My ledger has 24 seeds inside, that pretty sure we don't need to write it again on any site or any browser.

So be careful, in my experience, a newbie and beginner must watch his step before downloading anything in Internet. and I know out there are too many scammers watching your wallet to steal your fund.

If you look more careful, it's not developed by Ledger, instead it's done by a random no-name developer.
Also if you look careful, it's categorized as fun/game, and the description is about some game where you do fishing.
So if you are just a little careful, it's clear that's not the extension you would need.

On the other hand, if it's asking for the seed words.. it must be reported.

Not sure where Google redirected you to, but one should really go the original website and get the download link from there. In this case, one won’t be able to find it on the Ledger site (the article referenced in the OP announcing a work on progress for IOS Safari, not Chrome), so that should be a clear cue. Fake Ledger Chrome extensions have been around (https://cointelegraph.com/news/ledger-wallet-warns-of-fake-google-chrome-extension-stealing-crypto) on and off for some time, following the same pattern: asking for your seed. In fact, Ledger discontinued all Chrome apps (https://support.ledger.com/hc/en-us/articles/360007534774--Ledger-Chrome-apps-deactivated?docs=true) in 2022.

The one thing I’d be worried about now is not having installed any additional malware as a by-product of installing the fake extension mentioned in the OP.

Heck, I don't even recommend using the official Ledger Live software besides probably for updating the firmware. It's so slow and bloated with unnecessary BS that I hate it so much for making transactions.

Quick reminder that you can connect your Ledger HW with wallets like Wasabi/Electrum/MetaMask.

This is how hasty with the installation of the extension (which has not yet been released), you can easily part with your savings. Ledger also say on their website that this is only a beta version. What prompted you to check out this fake extension? If you wanted to show the community and warn newcomers, then this is a noble deed. It never hurts to remind that don't need to enter the seed-phrase ANYWHERE (except for the trusted wallet).

If possible, then need to give the lowest rating to the fake extension and indicate in the comments that it is a fake and need to stay away.

This is nothing new and we saw scam extensions like this many times before, and only thing we could do is to report them Chrome Web Store, and download wallets only from official websites.
I think it's much safer to use Firefox, fork called Librewolf, or Tor browser to avoid scams like this, since most scam extensions are released for Chromium based browsers.
It's better to keep installed browser extensions at minimum, and maybe use uBlockOrigin to hide phishing scam ads.

 

I don't look at who the developer carefully after installing and site ask the mnemonic seed, may be will different when they don't ask it and put the malware into my ledger then hacked it. Is possible that they hacked my ledger while connected to the extension without I write my seed?, if yes, I have to factory reset my ledger and create a new seed.

Get into the habit of verifying everything that you install. If it doesn't have the option of verifying with a signature, ask why. Any self respecting developer, especially when it comes to security oriented things will want to sign their releases for their own peace of mind.

This is why, I usually don't like advocating for users to install anything off of Software Center or anything equivalent in other operating systems. If installing from a command line, keys should still be imported, and verified.

I would conclude that even many who are not beginners should be very careful with what they wish for, because any such extension (even a legitimate one) is nothing but a risk. When I read how many people mess with various browser add-ons and cryptocurrencies, I wonder if they even understand that the security and ease of having everything at their fingertips is not something that should be put in any browser.

---

When someone writes something without even reading the article they linked to, you wonder how many people even pay attention to details.


The OP realized that the extension was a scam, but he installed it anyway and maybe picked up another unwanted guest - maybe some clipboard malware or something similar. In any case, I would recommend that the OP scans his computer with some serious AV, and we all know that the only way to be sure is to format the disk - but that's still up to him to decide.

Using the official website alone to download the links will guarantee you for downloading an official application. This info is a nice find because a newbie user of ledger X might be a victim of this extension if he/she didn’t know how hardware wallet works because the typical web 3 wallet sign in is through inserting seed phrase on the wallet.

Reporting the fake ledger live extension is the best thing to do on this case.

Yeah, I'd personally consider the machine compromised. Although, that's up to the OP, and their personal threat model. Since it was executed, there could be underlying things attached to that. However, it probably was a script kiddie attempt of scamming a few people, and probably wasn't all that sophisticated. This is why I like virtual isolation at the very least. Virtual machines or a operating system dedicated to it; like Qubes OS. However, Linux usually offers some sort of protection from unwanted programs doing unwanted things. Not always though.

It could be fine, and probably is fine. However, I'd be at least wiping that hard drive, and reinstalling everything.

If you do not plan to be careful when using the hardware wallet, the false sense of security that these devices provide may lead you to have your funds hacked.
Hardware wallets are designed to provide maximum security, so if you are not careful when you connect them to an internet-connected device, there is no difference between them and hardware wallets.


Now you need to delete that addition and restore the operating system to the nearest point before installing it, and if you have a large amount of money, it is better to reinstall your OS.

Why would a browser extension request a seed that was not generated there? For example, we can create a seed in Metamask and then enter it when we restore our wallet. But why do we need to enter our ledger device seed in order to use Ledger wallet browser extension? This is a fairly common question. If you find this answer, it is almost certainly a scam. That means we have to use our heads when it comes to money. Ignore fake extensions and always download from the official website.

That worried me, Reinstalling OS is need a lot of time to do, and must reinstall again application windows. I just heard if the hardware wallet is safe if the PC has malware and virus. I don't know if is it still possible today? because that main function of hardware wallet.

Regarding for this also, https://nftevening.com/ledger-connect-meet-the-web3-browser-extension-of-the-future/
Many people interested to try web3 on ledger and searching it because this is early of 2023.

It sure helps a lot, but that alone is not a complete safeguard, as there are other vectors of attack that are viable regardless. You may have installed some clipboard jacker software on your computer as a by-product, which could change a destination address when you plan to send BTC (i.e. you copy the address from a given site, and paste in on your legit Ledger Live). If you follow the procedure through as usual, believing that the hardware wallet is your absolute safeguard to any and all malware, then you could end up sending bitcoins to the address you weren’t intending to.

Then at least scan the computer with a good AV, and I recommend that you also download Malwarebytes and also do a complete computer scan - so even then you can't be sure that you don't have something malicious, it's still better than doing nothing.

Several good tools that you can try, with a note that it is recommended to scan in safe mode - and you can find how to start it online, depending on which version of the OS you are using.

https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-scan-in-safe-mode/bd1e9067-253a-4703-bf91-4d90965cead5

I don't understand why people like to use Google for searching information (acceptable) to applications / softwares (unacceptable). If they want to download any software, application, extension, make sure to start with official websites, not with Google search.

Officially visit websites & download apps, not fake ones. (https://bitcointalk.org/index.php?topic=5259689.msg54725580#msg54725580)

This is the habit (my habit also). We can't blame them because it's old fashioned for a long time ago that can't be removed it with fast.
Google search is our friend to find anything we don't know in past. but today after working and being a family with crypto, they and I have tried to leave my old friend (google search), because today, that old friend be hit himself, and many scammers entrenched on search engines.

These fake extensions have been here but the problem arises when we don't verify these things and simply continue on inputting our seed phrases giving hackers direct access to our wallet eventually draining our wallets out of funds.

As @NeuroticFish already said it's categorised under fun so if you care to look it carefully you would easily expose these types of scams but @OP you have done good job making others aware about it as newbies or even some holders get trapped into such links while seeing it from Ledger without verifying that whether site is legit or not.

WOW! what a way of scamming people. You can check the extension is not from the ledger and what is the use of this extension I don't get it.
You realize their intention quickly before doing any mistakes, good for you. Also, you have done the right thing in posting this on this board.

I mean, since you already read that article, you can just simply scroll down and click the link to see whether the extension is live or not. Most of the time developers will simply redirect you to a download page if the extension is live. Not to mention you are reading an official blog, where you can simply click home and you'll get redirected to the Ledger home page and search for the extension there.

I do agree that Google is terrible if you want to search for legit apps. Scammers can buy an ad slot or keywords and they will show up on top of the search result. Should never use them to find apps or extensions, just check the developer page. There is no end to fake extensions, this won't be the last, and more of them will come whether you use Google search or not.

Is there any survey where people were asked whether they are interested in Web3 from Ledger or something similar? I never heard about it, at least I don't see any articles from news sites that I followed. Anyway, they should've known by now that relying on Google search to download apps is terrible. Many websites already post news about it, whether it is related to crypto or not. Such as this one (https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/).

I don't like installing browser extensions and add-ons on my browsing software, they get compromised easily because it's hard to tell which is safe and which is not safe, for the fact that you can use metamask wallet in your browser as extension makes me stayed away from installing metamask, the fastest way you can lose your asset on PC is using browser extensions and keeping your assets on a crypto wallet that works as a plug-in on your browser.