Malicious Chrome extension advertised through Google ads as “Ledger Live” tries to steal BTC upon install

posted about 1 month ago
A malicious Chrome extension targeted owners of Ledger cryptocurrency wallets last week, Harry Denley, Director of Security at the MyCrypto platform discovered. A Chrome extension named Ledger Live imitates the real Ledger Live, a mobile and desktop app that allows Ledger wallet users to query their funds and approve transactions by syncing their hardware wallet with a trusted device.

"The extension makes no sense to install and use because it defeats the purpose of having a hardware wallet with your secrets offline… But I would not be surprised if it has got people to input their secrets. It's a big problem in the cryptocurrency area, to teach people their private keys/mnemonics should stay offline." The extension was available through the official Chrome Web Store as recently as Thursday March 5th, 2020, where it has already listed over 120 installs. Notably, the extension is heavily advertised via Google ads for the keywords "Ledger Live," the Ledger service it's trying to impersonate.
Tags: bitcoin, news