Mac Users Beware: Fake Ledger Apps Are Being Used by Hackers to Steal Seed Phrases and Hack Accounts
Cybercriminals are targeting cryptocurrency owners with Apple Mac devices using a highly sophisticated piece of malware that hides in plain sight and aims to steal their seed phrases. A 'seed phrase' is a 12 or 24-word combination that allows anyone to load an existing wallet into a new device and gain access to all of the funds inside.
According to a recent report by security researchers Moonlock, there are currently four active campaigns distributing a fake Ledger Live app spoofing an official offering. The campaign has allegedly been active since August 2024, and although the report doesn't discuss how the victims end up downloading the fake Ledger Live app, it does detail how it works.
The malicious app replaces the existing, legitimate app, and then during the login process displays a fake error message. The "critical error" can only be remedied by submitting the 24-word seed phrase, which then immediately gets relayed to the attackers. As Moonlock explains, "This isn't just a theft. It's a high-stakes effort to outsmart one of the most trusted tools in the crypto world." "And the thieves are not backing down."
Users should take the news as a clear signal to stay alert," the researchers concluded, urging users to be wary of phishing emails, never share their seed phrases with anyone, and only download cryptocurrency wallet apps from legitimate sources.
A Warning From Ledger
In a written statement shared with TechRadar Pro, Ledger's CTO, Charles Guillemet, said the company is "seeing" malware campaigns targeting macOS users. He is urging them to always download Ledger Live exclusively from ledger.com. "If any interface asks for your seed phrase, it's a scam—no exceptions," Guillemet concluded.
The Ongoing Battle Against Cybercrime
Cryptocurrency users continue to be a major target for cybercriminals everywhere. In the US, users lost around $9.3 billion to various scams in 2024 alone, according to an FBI report, cited by CoinDesk. This represents a 66% increase compared to 2023.
A Call to Action
As the threat landscape continues to evolve, it's more important than ever for users to be vigilant and take steps to protect themselves. By being aware of the latest threats and taking simple precautions, such as downloading apps from trusted sources and never sharing sensitive information, users can significantly reduce their risk of falling victim to cybercrime.
About the Author
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning over a decade, he's written for numerous media outlets, including Al Jazeera Balkans.