Bitcoin Forum
Author Topic: {Warning}: Phishing attempt Ledger Nano S/X  (Read 84 times)
Baofeng
Hero Member
October 26, 2019, 01:03:22 AM
 #1

It was reported that another round of phishing emails regarding the so-called security vulnerability of Ledger Nano has been spreading in the wild.

So, if you received an email such as the one below:

Quote
Legder - Wrong spelling

SECURITY VULNERABILITY

IMPORTANT: Ledger Nano S and Ledger Nano X SECURE RNG CHIP
CRITICAL VULNERABILITY

Inside Ledger hardware wallet, we use the Secure Element
chip to generate and store the private keys for your crypto
assets. Unfortunately, some chips, a limited number, were
found to be defective by the external company commissioned
by Ledger for the production. The problem identified
concerns the lack of a correct source of entropy for use by
the random number generator may lead to the generation of
predictable sequences of numbers and therefore of private
keys by malicious users.

Ledger is actively working on the problem to replace all
defective devices. Please check now if your device is
defective with the Ledger SE tool.

We apologize for the inconvenience.


This mail was sent to you because your Ledger device could
be faulty.

Please download the Ledger SE Cecker tool below and check
right now!

Please do not download that executable. It contains malicious code, so please be very, very careful.

Code:
PHISING - Ledger SE.exe



https://www.virustotal.com/gui/file/ec61d516b476ea8ecd688364a25135a07b3fd5cf4536dc33ea58c1a5ecb8b1f8/detection
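
A triage check built from the indicators in post #1 (the misspelled brand name, the .exe attachment and the SHA-256 in the VirusTotal link), as an added example that is not part of the original thread. The sample message, the sender address and the list of risky extensions are constructed assumptions.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

BRAND = "ledger"
# SHA-256 taken from the VirusTotal link in the post above.
KNOWN_BAD_SHA256 = {"ec61d516b476ea8ecd688364a25135a07b3fd5cf4536dc33ea58c1a5ecb8b1f8"}
RISKY_EXT = (".exe", ".scr", ".msi", ".bat")  # assumption: extensions treated as executable

def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters costs 1 (optimal string alignment)."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def triage(raw):
    """Return (finding, detail) pairs for one raw RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = " ".join([str(msg["From"]), str(msg["Subject"]), body.get_content() if body else ""])
    findings = []
    # Heuristic: any word one edit away from the brand (e.g. "legder") is a look-alike.
    for word in sorted(set(re.findall(r"[a-z]+", text.lower()))):
        if word != BRAND and osa_distance(word, BRAND) == 1:
            findings.append(("brand-lookalike", word))
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append(("executable-attachment", name))
        if hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest() in KNOWN_BAD_SHA256:
            findings.append(("known-bad-hash", name))
    return findings

def sample_message():
    """Constructed sample modelled on the quoted email; the attachment is a harmless stand-in."""
    m = EmailMessage()
    m["From"] = "Legder Support <support@example.invalid>"
    m["Subject"] = "SECURITY VULNERABILITY"
    m.set_content("Please download the Ledger SE Cecker tool below and check right now!")
    m.add_attachment(b"not a real binary", maintype="application",
                     subtype="octet-stream", filename="Ledger SE.exe")
    return m.as_bytes()
```

The look-alike rule is a heuristic and will also flag ordinary words one edit away from the brand, so treat a hit as a reason to inspect the message rather than as a verdict.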

GSpgh
Sr. Member
October 26, 2019, 01:14:17 AM
 #2

I wonder what the actual danger is? Can the malware somehow bypass the PIN? I don't think so.

When I got my Ledger the "apps" kind of worried me, but it's just an unfortunate name really. Those apps are not like phone apps or anything, and can't have backdoors, can they?
DdmrDdmr
Hero Member
October 26, 2019, 10:24:22 AM
 #3

Actually, @thefuzzstone has tweeted about it today, and posted it on Reddit (see https://www.reddit.com/r/CryptoCurrency/comments/dnb5lz/ledger_users_dont_be_fooled_by_phishing). On the provided link you can see the original email format.

What the .exe most likely does is what prior versions have done: draw you into typing your 24-word recovery phrase in order to restore your device to an alleged working state (see general Ledger warnings on the topic: https://support.ledger.com/hc/en-us/articles/360035343054-Beware-of-phishing-attempts).

hugeblack
Legendary
October 26, 2019, 01:38:48 PM
 #4

Quote
Please do not download that executable. It contains malicious code, so please be very, very careful

In short, be careful before you download any program or give permission to any program. Some programs, although reliable, have weak protection, allowing scammers to exploit the vulnerabilities in some versions to attack your legal wallet.
If there are any problems related to the wallet, check the authenticity of the news from the official website and then search or ask here before downloading any application.

It seems that the scammers have switched from attacking desktop wallets (Electrum) to hardware wallets.

Jating
Hero Member
October 27, 2019, 11:03:48 AM
 #5

Quote
Please do not download that executable. It contains malicious code, so please be very, very careful
In short, be careful before you download any program or give permission to any program. Some programs, although reliable, have weak protection, allowing scammers to exploit the vulnerabilities in some versions to attack your legal wallet.
If there are any problems related to the wallet, check the authenticity of the news from the official website and then search or ask here before downloading any application.

It seems that the scammers have switched from attacking desktop wallets (Electrum) to hardware wallets.

Or scammers are simply looking for every chance they get in this crypto sphere.

Trezor has been attacked too, so it's just a matter of time, because scammers will go for another exploit here (whether Electrum or desktop or hardware wallets); as long as they know that people are going to easily fall for it, those bad actors are going to exploit it.

@GSpgh - the danger is downloading the said apps and believing that the email comes from Ledger themselves.
