According to a message dated April 25, the hardware cryptocurrency wallet vendor Ledger detected malware targeting its desktop application.
Ledger warned its users that a malicious program locally replaces the Ledger Live desktop application with a malicious one, and advised them to follow the security rules published on its blog. The Twitter announcement specifically states:
“ATTENTION: we found malware that locally replaces the Ledger Live desktop application with malware. Users of infected computers are prompted to enter their 24-word recovery phrase after a fake update.”
In a comment to the message, Ledger reported that the malware infects only Windows machines, although the company reportedly found only one vulnerable device. Ledger further noted that the malware cannot compromise users' computers or digital currency; it is only a phishing attack that tries to lure users into entering their 24-word recovery phrase.
Ledger also pointed out that the malware does not come from its website or servers, but at that time the company had not identified the infection method.
Last December, a research group called the Wallet.fail hacker project said it was able to install any firmware on the Ledger Nano S. While the team used this vulnerability to play Snake on the device, one of the members of the team that discovered the exploit claimed:
“We can send malicious transactions to ST31 [secure chip] and even confirm it ourselves [using software], or we can even go and screen another transaction [not the one that is actually sent].”
The team also demonstrated a vulnerability it had discovered in the Ledger Blue, the most expensive hardware wallet produced by the company, which comes with a color touch screen. The researcher explained that the signals are carried to the screen over an unusually long trace on the motherboard, so the trace radiates these signals as radio waves.
When the USB cable is connected to the device, this signal leakage becomes strong enough to be easily received from a distance of several meters.
After this presentation, Ledger stated that the vulnerabilities discovered in its hardware wallets are not critical. The reason Ledger gave is that “they failed to retrieve either the initial number or the PIN code on the stolen device”, and “confidential assets stored on a protected item remain safe”.