What this malicious site seemingly does, is clone Ledger’s real website, keeping most of the pointers still redirecting to the proper site,
except for the download options related to Ledger Live for Desktops, where the file you’ll obtain is downloaded from their own website (i.e. not redirected to the original site). Specifically, all three entries (Windows app, Mac app, Linux app)
point to the same file (each entry should link to a different platform-based file).
I’ve carefully downloaded the file (not a recomended practice), and VirusTotal does not report anything on the file itself. In fact, it has exactly the same file information as the download from the legit Ledger site. I've checked the SHA-512, for the downloaded file from both the legit site and the cloned site, and the file currently renders the same SHA-512 in both cases:
861bce8795f50c0b545ba8a51047f8e7b3ba38fdacefc3eb2eebbcda4b8d68ff1999af4df3f5759
6d770bcb7cc821449c6b675edf40d309e7da0437a9611b84c
Which is correct according to
https://ledger-live-tools.now.sh/lld-signatures, where I arrived from within
https://github.com/LedgerHQ/ledger-live-desktop.
It is
seemingly pointing currently to the proper version,
but that can be changed in a second, and a rouge version could be deployed instead anytime.
