TravelMug (OP)
|
|
March 23, 2020, 06:06:33 AM Last edit: October 19, 2023, 04:20:56 AM by TravelMug Merited by OgNasty (2), kotajikikox (2), DdmrDdmr (2), klarki (1), Lucius (1), Baofeng (1), hosseinimr93 (1), sujonali1819 (1), dkbit98 (1), The Cryptovator (1), Symmetrick (1) |
|
Fake Ledger Live listed on official Chrome Web Store again, and the sad part is that you can use the search term "Ledger Live" in Google and the first thing that will pop up is this malicious chrome extension, through Google Ads.
Actual images in Chrome Web Store Extensions:https://chrome.google.com/webstore/detail/ledger-live/pedoikjokpjgkpmideineekfbclpnfjg - offline https://chrome.google.com/webstore/detail/ledger-live/bhkcgfbaokmhglgipbppoobmoblcomhh - offline https://chrome.google.com/webstore/detail/ledger-live/dehindejipifeaikcgbkdijgkbjliojc - offlne https://chrome.google.com/webstore/detail/ledger-live/lfaahmcgahoalphllknbfcckggddoffj - offline https://chrome.google.com/webstore/detail/ledger-wallet/pbilbjpkfbfbackdcejdmhdfgeldakkn - offline https://chrome.google.com/webstore/detail/ledger-live/lioleonlclpcopelljclgccbojefmeaj - offline https://chrome.google.com/webstore/detail/ledger/afephhbbcdlgdehhddfnehfndnkfbgnm - offline
|
| █▄ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ▀█ | THE #1 SOLANA CASINO | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | ........5,000+........ GAMES ......INSTANT...... WITHDRAWALS | ..........HUGE.......... REWARDS ............VIP............ PROGRAM | . PLAY NOW |
|
|
|
mk4
Legendary
Offline
Activity: 2870
Merit: 3875
Paldo.io 🤖
|
Fake Ledger Live listed on official Chrome Web Store again,
We can't really expect things like this to go away any time soon. The Google ads platform is simply easily exploitable. Anyway, I suggest everyone to spend a few extra minutes to report this ad: https://support.google.com/google-ads/contact/vio_other_aw_policyAlso, use an ad blocker.
|
Curated Crypto Airdrop Database
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2450
Merit: 10991
There are lies, damned lies and statistics. MTwain
|
|
March 23, 2020, 09:36:27 AM |
|
Besides reporting the Ad, we can also report the Chrome extension itself on the extension’s webpage (on the right hand side of the screen we’ll find a section called "Additional Information", and the first entry within, "Report Abuse" leads you here: https://chrome.google.com/webstore/report/pedoikjokpjgkpmideineekfbclpnfjg?hl=en-US&gl=UA). Actually, of we click "Related" on the extension webpage, we’ll see like 5 more entries created this month that are similar in nature (probably the same malware product registered multiple times under different names).
|
|
|
|
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1598
|
|
March 23, 2020, 10:36:48 AM |
|
Haha, and months ago when I tried telling someone that Google is still not taking the advertisement check seriously before they let advertisers publish an ad, I was met with "they actually do!". They don't do shit. Guess we have to get used to these. Looks as if Google wants to intentionally let crypto scams live on the web's first sight. Remember when Twitter was absolutely entirely spammed with crypto scams? Why did it take so long for them to take action? I sometimes get fake exchange domains when I look up one (e.g. I get ".com" instead of ".org").. but yeah, sometimes adblocking saves a lot of your time. Tip for newcomers: always check multiple times through OFFICIAL websites whether what you're downloading is a legit source or not. Even if you have adblock - that doesn't make all scams vanish away. Better check 5 times and be safe than be lazy and have your data and money stolen.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3374
Merit: 6066
Crypto Swap Exchange🈺
|
|
March 23, 2020, 11:32:20 AM |
|
Another reason to move away from Google, especially Chrome and start to use Firefox or any other browser. Firefox + AdBlock will completely protect you from such attempts, and with a little common sense from everything else.
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
|
|
|
|
asu
Legendary
Offline
Activity: 1302
Merit: 1136
|
|
March 23, 2020, 12:21:43 PM |
|
OP, here another new one. https://chrome.google.com/webstore/detail/ledger-live/lioleonlclpcopelljclgccbojefmeaj Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
By looking at the said Overview - It's most likely like that. Don't install it newbies!Using Ledger Live extension you can safely check your balance, send and receive up to 23 different coins and ERC-20 tokens through one single extension. Check your balance in real-time.
|
|
|
|
LTU_btc
Legendary
Online
Activity: 3192
Merit: 1364
Slava Ukraini!
|
|
March 23, 2020, 08:41:11 PM |
|
Another reason to move away from Google, especially Chrome and start to use Firefox or any other browser. Firefox + AdBlock will completely protect you from such attempts, and with a little common sense from everything else.
I agree that Firefox is better choice than Chrome, but I'm not sure that it would protect from such scam attempts. I'm away from PC now, so I can't check, but I think that these ads on Google search results are still shown even with adblock. Though, Firefox addon store is better than Chrome, because before uploading addon, it have to be verified by Firefox. We rarely can hear about dangerous addons on Firefox.
|
|
|
|
mk4
Legendary
Offline
Activity: 2870
Merit: 3875
Paldo.io 🤖
|
|
March 24, 2020, 03:51:31 AM |
|
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
I'm going to bet that it's this one as per usual. Doing social engineering attacks is simply the simplest and probably the most effective, compared to going the malware/virus route whereas it could be a hit or miss.
|
Curated Crypto Airdrop Database
|
|
|
Lucius
Legendary
Offline
Activity: 3374
Merit: 6066
Crypto Swap Exchange🈺
|
|
March 24, 2020, 11:35:31 AM |
|
I'm away from PC now, so I can't check, but I think that these ads on Google search results are still shown even with adblock.
With keywords "Ledger Live" I get 6 blocked sites (uBlock) and official Ledger site on top (using Firefox+Google search). So I'm sure the thing works, and that AdBlock has a key role to play for anyone who's used to searching the Internet that way. Of course, this does not fit Google who sells their ads by serving them at the top of search results, but given that they do not have effective verification mechanisms, there is nothing but to block them and surf in much safer way. As far as I can remember, Google plans to disable AdBlock in Chrome, which is one more reason to find an alternative browser.
|
|
|
|
LbtalkL
|
|
March 24, 2020, 12:45:45 PM |
|
Another reason to move away from Google, especially Chrome and start to use Firefox or any other browser. Firefox + AdBlock will completely protect you from such attempts, and with a little common sense from everything else.
I agree that Firefox is better choice than Chrome, but I'm not sure that it would protect from such scam attempts. I'm away from PC now, so I can't check, but I think that these ads on Google search results are still shown even with adblock. Though, Firefox addon store is better than Chrome, because before uploading addon, it have to be verified by Firefox. We rarely can hear about dangerous addons on Firefox. Ad blockers like adblock or adblock plus do not really block google ads, I have tested it before but some recommended me uBlock Origin is much better it will completely block it just like Lucius said. I guess if chrome removes ad blockers on extension they will lose a lot of users. If that happens I plan to shift on brave browser I heard they have built it blockers but I didn't test it on PC yet.
|
|
|
|
libert19
|
|
March 25, 2020, 03:43:19 AM |
|
Haha, and months ago when I tried telling someone that Google is still not taking the advertisement check seriously before they let advertisers publish an ad, I was met with "they actually do!". They don't do shit.
They probably don't give a F cause they get revenue by selling ads, one should never click on ads anyway.
|
|
|
|
joniboini
Legendary
Offline
Activity: 2324
Merit: 1804
|
|
March 25, 2020, 03:52:13 AM |
|
Ad blockers like adblock or adblock plus do not really block google ads,
Can vouch for this. Even if you turn off allow acceptable ads, some Google ads in the search area will still show up. Well, being cautious is always the best protection. Never depends too much on tools and use common sense to filter out the bad guys.
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1598
|
|
March 25, 2020, 09:38:13 AM |
|
They probably don't give a F cause they get revenue by selling ads, one should never click on ads anyway.
They would give a fuck if it was about other type of scams but crypto. They made these ads look so similar to the search results I sometimes click on the ads instead of the results without willing to, but now I've moved away from Google. Fuck them, if they don't want to take action against crypto scams and they'd rather help the scammers make other new victims then I'd rather not use their services. Feels safer to use DuckDuckGo and completely free (as in freedom) software on your computer anyway.
|
|
|
|
kotajikikox
Full Member
Offline
Activity: 2520
Merit: 215
★Bitvest.io★ Play Plinko or Invest!
|
|
March 26, 2020, 12:50:56 PM |
|
I found a new one, https://chrome.google.com/webstore/detail/ledger/afephhbbcdlgdehhddfnehfndnkfbgnm
|
|
|
|
TravelMug (OP)
|
|
March 26, 2020, 06:18:35 PM Last edit: October 19, 2023, 04:19:03 AM by TravelMug |
|
Has anyone tried out what this extension actually does (not a smart move I know)? Is it a classic scam "Type your seed" or maybe the extension has a clipboard malware function as well?
No, the extension doesn't have a clipboard malware. I did open up the loader.js and found out that once you type your seed it will be posted to https://ledger.productions/api_v1/ here is the snippet of the code, @asu, @kotajikikox - thanks for the contribution, added them up.
|
| █▄ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ▀█ | THE #1 SOLANA CASINO | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | ........5,000+........ GAMES ......INSTANT...... WITHDRAWALS | ..........HUGE.......... REWARDS ............VIP............ PROGRAM | . PLAY NOW |
|
|
|
TravelMug (OP)
|
|
March 29, 2020, 01:02:58 AM |
|
It looks like all of the reported malicious extensions have been taken off-line already.
Thanks to those who have reported it. I'm locking this thread now, will re-open if there are new releases of Ledger Live fake extensions.
|
| █▄ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ▀█ | THE #1 SOLANA CASINO | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | ........5,000+........ GAMES ......INSTANT...... WITHDRAWALS | ..........HUGE.......... REWARDS ............VIP............ PROGRAM | . PLAY NOW |
|
|
|
TravelMug (OP)
|
|
April 02, 2020, 04:52:26 AM |
|
I'm just re-opening the thread because hackers are not yet done. The sad part is, somewhat has fallen victims. https://www.reddit.com/r/CryptoCurrency/comments/fqjyy3/please_beware_14000_xrp_stolen_from_ledger/
|
| █▄ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ▀█ | THE #1 SOLANA CASINO | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | ........5,000+........ GAMES ......INSTANT...... WITHDRAWALS | ..........HUGE.......... REWARDS ............VIP............ PROGRAM | . PLAY NOW |
|
|
|
Baofeng
Legendary
Offline
Activity: 2730
Merit: 1675
|
|
April 02, 2020, 10:58:21 AM |
|
I'm sad to hear that someone falls for this trick, and it involved huge money. And especially in the crisis that we are in right now, you can't help but feel emotional to those who lost their hard earn money from those scammers. So I do hope that with this kind of warning from the community, no one here will be another statistics in the growing list of victims.
|
RAZED | │ | ███████▄▄▄████▄▄▄▄ ████▄███████████████▄ ██▄██████▀▀████▀▀█████▄ ░▄███████████▄█▌████████▄ ▄█████████▄████▌█████████▄ ██████████▀███████▄███████▄ ██████████████▐█▄█▀████████ ▀████████████▌▐█▀██████████ ░▀███████████▌▀████████████ ██▀███████▄▄▄█████▄▄██████ █████████████████████████ █████▀█████████████████▀ ███████████████████████ | ▄▄███████▄▄ ▄███████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ███████████████████ | RAZED ORIGINALS SLOTS & LIVE CASINO SPORTSBOOK | | | NO KYC | | │ | RAZE THE LIMITS ►PLAY NOW |
|
|
|
Lucius
Legendary
Offline
Activity: 3374
Merit: 6066
Crypto Swap Exchange🈺
|
|
April 02, 2020, 02:32:24 PM |
|
People do stupid things, especially if they are infected with a virus (like the woman from the Reddit post), which is completely unaware of the situation with the Ledger Chrome App. Not using Nano S from 2018 and not check what is new, or making a newbie mistake and type seed words in app? So how many times should it be repeated that these words should be not entered anywhere except in the device itself?
Human stupidity is endless, this is just another example - but 14 000 XRP is just $2400 which is a tolerable loss, of course, depending on where you live.
|
|
|
|
|