It seems that hackers are deploying increasingly sophisticated malware to target cryptocurrency users. In the last couple of days, both Ledger users and big Asian companies have been targeted in separate attacks.
If any of our users own a Ledger, please be aware of the following phishing scam currently happening. Ledger Live AttackLedger announced a few days ago that they had detected a phishing attack on their Ledger Live desktop application.
This type of malware is called a phishing attack and is very common in hacking attacks on e-commerce companies and users, bagging millions, if not billions, of dollars, each year.
Ledger Live Malware – how does it work?
With details emerging, it appears that the following modus operandi is used: Step 1: Users’ computer security is compromised (it’s unknown how at present.) Step 2: Malware is implemented that replaces the official Ledger Live desktop app with a tampered-with and malicious version. Step 3: The compromised app claims that the user’s Ledger needs to be restored and therefore the user should provide the desktop app with their 24-word seed. Step 4: When a user complies and enters their unique seed, they give the hacker access to steal their whole investment within minutes.
Ledger Malware affects only desktop users
Ledger has been very proactive in handling this security issue, which at present seems to affect only a small number of its Windows desktop users, but it’s still a worrying issue nonetheless. Their Twitter account links to an old article that states that users should only reveal their 24-word phrases in case they want to clone a current hardware wallet or activate a new cold storage device. While the leading hardware wallet company assured their users that the phishing software did not originate from Ledger, nor did it affect the app’s intrinsic security or functionality, the problem remains that this malware can easily dupe inexperienced and even knowledgeable users into revealing their private data as it looks so authentic. And this problem won’t go away soon either. As long as a computer connects to the internet, it will always be susceptible to hackers who will exploit vulnerabilities and user ignorance to implement malicious software such as phishing scams and keyboard loggers.
New NSA-created Malware targeting companies
Yes, that’s right. The reason why many of these phishing malware are so sophisticated, is because they’re utilizing hacking tools that were developed by governmental security bodies such as the US’ National Security Agency (NSA). Only 2 days ago, Symantec released a report which claimed that a new malicious program called “Beapy” sends out infected Excel spreadsheets to users. Once company employees open them, the virus then spreads through a company’s whole computer network, using the dreaded “Double Pulsar” malware which was developed by the NSA, stolen and re-released as a virus, most notably during the infamous WannaCry ransomware attacks of 2017, where users were unable to unlock their machines without paying money to the hackers. Is a mobile app safer than a desktop app?In general, yes. There a number of reasons for a mobile environment is relatively much safer and more controllable. Here are a few:
How does CoolWallet keep users safe from phishing attacks?
Drawing on the knowledge base of our EVM-certified fintech parent company SmartDisplayer , CoolBitX are online banking security experts. Online security weaknesses and inconvenience some of the biggest reasons we why gave desktop computers a wide berth when we first developed the CoolWallet S. We therefore decided to build our hardware wallet to work exclusively with a smartphone, and to limit the risk of phishing attacks. Or maybe it was just because guys like John McAfee pioneered the first internet security solutions (much as we love colorful personalities like you John!) Our CoolBitX app for the CoolWallet S is only available on the official iOS and Android stores. By only using the official stores to download and install our trusted app, users can ensure their safety. Please, don’t ever use unauthorized sources to download a version of our “app”. While your funds will remain safe as our Secure Element will reject and not sign any fraudulent transactions, malicious parties could trick you into revealing your 12-24 phrase recovery seed. Please note, CoolWallet and CoolBitX will NEVER ask you for your seed recovery phrase.
0 Comments
Leave a Reply. |
CORWIN GROUPLatest News Archives
October 2021
CategoriesBy submitting this form, you provide consent for Corwin Group to email you occasionally with industry news and promotions. You may unsubscribe from these emails at any time.Testimonials & Disclaimer
Important Disclosure: By visiting this site, you agree to be bound by CorwinGroup’s Terms of Use and Privacy Policy. CorwinGroup.com is intended for accredited investors and otherwise qualified investors who understand and accept the risk associated with private investments. Investing in private investments on CorwinGroup involves risks, including, but not limited to market and industry risks, risks related to a specific property, currency fluctuation risk and liquidity constraints. Investments are not bank deposits and are not guaranteed. There is a potential for loss of part or ALL of the investment capital. CorwinGroup does not endorse any of the opportunities that appear on the site, nor does it make any recommendations regarding the appropriateness of particular opportunities for any investor. No correspondence or information provided on CorwinGroup.com or by any representative of CorwinGroup should be construed as a recommendation of a security. Each investor is advised to conduct his/her own due diligence as CorwinGroup does not provide any investment advice, business advice, or tax or legal advice. CorwinGroup is not registered under the Securities & Futures Act or the Financial Advisor’s Act. Neither the Securities and Exchange Commission in the country nor any federal or state securities commission or any other regulatory authority has recommended or approved of the investment or the accuracy or inaccuracy of any of the information or materials provided by or through the website. Please read Corwin’s Terms of Use for more detailed terms and conditions to which users of CorwinGroup are subject. |