|
Title: {Warning}: Phishing attempt Ledger Nano S/X Post by: Baofeng on October 26, 2019, 01:03:22 AM It was reported that another rounds of phishing email with regards to the so called security vulnerability of Ledger Nano has been spreading in the wild.
So, if you received such email below: Quote Legder - Wrong spelling SECURITY VULNERABILITY IMPORTANT: Ledger Nano S and Ledger Nano X SECURE RNG CHIP CRITICAL VULNERABILITY Inside Ledger hardware wallet, we use the Secure Element chip to generate and store the private keys for your crypto assets. Unfortunately, some chips, a limited number, were found to be defective by the external company commissioned by Ledger for the production. The problem identified concerns the lack of a correct source of entropy for use by the random number generator may lead to the generation of predictable sequences of numbers and therefore of private keys by malicious users. Ledger is actively working on the problem to replace all defective devices. Please check now if your device is defective with the Ledger SE tool. We apologize for the inconvenience. This mail was sent to you because your Ledger device could be faulty. Please download the Ledger SE Cecker tool below and check right now! Please do not download that executable. It is contains malicious code, so please be very very careful Code: PHISING - Ledger SE.exe https://i.ibb.co/3mmtZN6/Screen-Shot-2019-10-26-at-8-59-32-AM.png (https://ibb.co/7tt7mWM) https://www.virustotal.com/gui/file/ec61d516b476ea8ecd688364a25135a07b3fd5cf4536dc33ea58c1a5ecb8b1f8/detection Title: Re: {Warning}: Phishing attempt Ledger Nano S/X Post by: GSpgh on October 26, 2019, 01:14:17 AM I wonder what the actual danger is? Can the malware somehow bypass the PIN? I don't think so.
When I got my ledger the "apps" kind of worried me but its just an unfortunate name really, those apps are not like phone apps or anything, and cant have backdoors, can they? Title: Re: {Warning}: Phishing attempt Ledger Nano S/X Post by: DdmrDdmr on October 26, 2019, 10:24:22 AM Actually, @thefuzzstone has tweeted about it today, and posted it on Redddit (see https://www.reddit.com/r/CryptoCurrency/comments/dnb5lz/ledger_users_dont_be_fooled_by_phishing). On the provided link you can see the original email format.
What the .exe most likely does is what prior versions have done: draw you into typing your 24 word recovery phrase in order to restore your device to an alleged working state (see general ledger warnings on the topic https://support.ledger.com/hc/en-us/articles/360035343054-Beware-of-phishing-attempts). Title: Re: {Warning}: Phishing attempt Ledger Nano S/X Post by: hugeblack on October 26, 2019, 01:38:48 PM Please do not download that executable. It contains malicious code, so please be very very careful In short, be careful before you download any program or give permission to any program. some programs, although reliable, but weak protection, allowing scammers to exploit the vulnerabilities in some versions to attack them your legal wallet.If there are any problems related to the wallet, check the authenticity of the news from the official website and then search or ask here before downloading any application. It seems that the scammers have switched from attacking desktop wallets (electrum) to hardware wallets. Title: Re: {Warning}: Phishing attempt Ledger Nano S/X Post by: Jating on October 27, 2019, 11:03:48 AM Please do not download that executable. It contains malicious code, so please be very very careful In short, be careful before you download any program or give permission to any program. some programs, although reliable, but weak protection, allowing scammers to exploit the vulnerabilities in some versions to attack them your legal wallet.If there are any problems related to the wallet, check the authenticity of the news from the official website and then search or ask here before downloading any application. It seems that the scammers have switched from attacking desktop wallets (electrum) to hardware wallets. Trezor has been attacked too, so it's just a matter of time because scammers will go for another exploit here, (whether Electrum or desktop or hardware wallets) as long as they know that people are going to easily fall for it, those bad actors are going to exploit it. @GSpgh - the danger is downloading the said apps and believing that the email come from Ledger themselves. |
