But if you don't type the seed on the device, then aren't you still safe? I mean the hack is if you download the fake ledger live, don't you still need to need to type your seed?
You can't type your seed on the device... because it doesn't work like a real ledger... it is essentially a USB thumb drive that looks like a Ledger.
The idea is that a victim plugs it in... and it opens up the folder showing the ledger.exe that they run... and then it asks for the seed. In an ideal world, the user is smart enough to remember that
you should never type your hardware wallet seed into any device that is not your hardware wallet itself and they will be fine.
However, we don't live in an ideal world and given how much money the nigerian princes are still making... there is probably a non-zero chance that someone will fall for something like this and lose coins.
I mean, "EvilMe"™ was just thinking:
1. Twitter/youtube giveaway ("ReallyEvilMe"™ looks over at "games and rounds" forum)
2. Send out fake devices, but promote it as a way to "migrate your current wallet to the security of a hardware wallet"
3. Get people to input their current 12/24 word seeds from their desktop/mobile/web wallets into your fake app.
4. Profit!
I would like to think that something like that wouldn't work... but "RealisticMe"™ knows otherwise.