Security researchers spot fake Ledger Live app targeting Mac users

The app replaces the legitimate one and shows a fake critical error

The error requires the user to submit their 24-word seed phrase

Cybercriminals are targeting cryptocurrency owners who use Apple Mac devices with a highly sophisticated piece of malware that hides in plain sight and aims to steal their seed phrases.

A ‘seed phrase’ is a 12- or 24-word combination that allows anyone to load an existing wallet onto a new device and gain access to all of the funds inside.

In a new report, security researchers at Moonlock said there are currently four active campaigns distributing a fake Ledger Live app, which spoofs the official app that allows users to send, manage, and track their crypto portfolio.

"High-stakes effort"

The campaign has allegedly been active since August 2024, and although the report doesn’t discuss how the victims end up downloading the fake Ledger Live app, it does detail how the app works: it replaces the existing, legitimate app, and then displays a fake error message during the login process.

The “critical error” can only be remedied by submitting the 24-word seed phrase, which is then immediately relayed to the attackers.

“This isn’t just a theft. It’s a high-stakes effort to outsmart one of the most trusted tools in the crypto world,” Moonlock explains. “And the thieves are not backing down.”

“Users should take the news as a clear signal to stay alert,” the researchers concluded, urging users to be wary of phishing emails, to never share their seed phrases with anyone, and to only download cryptocurrency wallet apps from legitimate sources.

Cryptocurrency users continue to be a major target for cybercriminals everywhere. In the US, users lost around $9.3 billion to various scams in 2024 alone, a 66% increase compared to 2023, CoinDesk said, citing an FBI report.

Via BleepingComputer