More than likely the phishing campaign is directly related to the data breach (though perhaps not limited to it). There's a person on Reddit who claims he received it at an email address he created specifically for dealing with Ledger (presumably for a purchase):
https://www.reddit.com/r/ledgerwallet/comments/jhrp95/is_this_mail_from_ledger_o_is_this_fishing/
As people are commenting across the internet, the email is well written, and is one of those that are not trivial to spot by looking at either the domain or the grammar. The claim has a ring of feasibility to it in the context of the breach, although one always needs to be wary and never download anything from an email, but rather always visit the original site (and not via a link in the email, if present).
I'm trying to find a report on the malware that gets installed. My guess is that it could be some sort of RAT or a Ledger Live clone, but the latter should prove rather more difficult to elaborate and set into motion.
Edit:
There’s an entry on the above provided Reddit link that states:
It's freaking well done: you click on the link, it redirects you to the official Ledger site, and at the same time automatically downloads the scam Ledger Live in the background --- newbies will fall for it, Ledger should immediately send out an email
Ledger is being slow in displaying information on their site about this specific phishing attempt, especially after their past data breach. The only thing I've found is this, and it is generic and prior to this attempt (a 5-day-old blog post):
https://www.ledger.com/ongoing-phishing-campaigns
Edit 2: The fake Ledger Live may be asking you to change your PIN, and (classic here) requiring your 24-word mnemonic in order to do so (see
https://peakd.com/ledger/@hatoto/your-ledger-wallet-may-be-compromised-ledger-phishing -> Google Translate the last big paragraph):
If I had clicked the link and downloaded the software, I would have downloaded a malicious software update for Live Ledger. If I had installed this, I would have been asked to change the PIN of my hardware ledger after the start. This is only possible by entering my 24 secret words. This would have given the hackers my 24 secret words with which they could have fed their own hardware ledger so that they would actually have access to my credit.
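As an added example (not part of the original post, the Reddit thread, or any Ledger material), here is a small Python checker for the kind of email described above. It pulls every link out of an HTML message body and flags the signs this thread is about: a host that carries the brand name but is not the vendor's own domain, link text showing one host while the href points at another, and a link that goes straight to an installer. The sample message and its hostnames are constructed placeholders, and treating only ledger.com and its subdomains as "official" is an assumption made for the example.

```python
"""Triage links in an HTML e-mail body for phishing indicators.

Added example (not code from the original post or from Ledger). The sample
message at the bottom is constructed for this example; its hostnames are
placeholders, not real phishing domains.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the example: only ledger.com and its subdomains count as the
# vendor's own site. Any other host is "off-domain" for this sender.
OFFICIAL_DOMAINS = {"ledger.com"}
# Brand tokens whose presence in a non-official host suggests a lookalike.
BRAND_TOKENS = ("ledger",)
# Direct installer links are a strong indicator; real vendors link to a page.
INSTALLER_SUFFIXES = (".exe", ".msi", ".dmg", ".pkg", ".appimage", ".deb", ".zip")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_official(host):
    """True if host is one of OFFICIAL_DOMAINS or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def _displayed_host(text):
    """Hostname a reader would infer from the link text, if it looks like a URL."""
    if " " in text or "." not in text:
        return None
    candidate = text if "://" in text else "https://" + text
    return (urlparse(candidate).hostname or "").lower() or None


def check_link(href, text):
    """Return a list of indicator strings for one link (empty means nothing odd)."""
    findings = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https"):
        findings.append("non-web scheme: %s" % parsed.scheme)
    if not is_official(host):
        if any(tok in host for tok in BRAND_TOKENS):
            findings.append("lookalike host (brand name on non-official domain): %s" % host)
        else:
            findings.append("link leaves the vendor domain: %s" % host)
    shown = _displayed_host(text)
    if shown and shown != host:
        findings.append("display text host %s != actual host %s" % (shown, host))
    if parsed.path.lower().endswith(INSTALLER_SUFFIXES):
        findings.append("link points directly at an installer: %s" % parsed.path)
    return findings


def triage_email(html_body):
    """Return {href: [findings]} for every link that has at least one finding."""
    collector = _LinkCollector()
    collector.feed(html_body)
    report = {}
    for href, text in collector.links:
        findings = check_link(href, text)
        if findings:
            report[href] = findings
    return report


# Constructed sample body mimicking the campaign's shape: one genuine-looking
# link, one lookalike link whose text shows the official site but whose href
# serves an installer from a placeholder domain.
SAMPLE_EMAIL = """
<p>Dear customer, a critical update of Ledger Live is required.</p>
<p><a href="https://www.ledger.com/">www.ledger.com</a></p>
<p><a href="https://update.ledger-live.example/Ledger-Live-Setup.exe">https://www.ledger.com/ledger-live</a></p>
"""

if __name__ == "__main__":
    for href, findings in triage_email(SAMPLE_EMAIL).items():
        print(href)
        for finding in findings:
            print("   -", finding)
```

Running it on the sample prints nothing for the genuine link and three findings for the second one. The display-text check is the one that catches the case this thread describes, where the email looks right at a glance: the mismatch is only visible in the href, which is exactly what "visit the site yourself instead of clicking" protects against.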