Breaking
June 2, 2025

Moonlock Reports New Malware Campaign Targeting Ledger Hardware Wallets Maisie Morrison | usagoldmines.com

TLDR

  • Cybercriminals are using fake Ledger Live apps to steal crypto from macOS users by replacing the real app with malicious clones
  • The malware prompts users to enter their seed phrases through fake security alerts, then sends this data to attacker-controlled servers
  • Atomic macOS Stealer has been found on at least 2,800 hacked websites and is being used to distribute these fake Ledger apps
  • Moonlock has tracked at least four active malware campaigns since August targeting Ledger users
  • Dark web forums show growing chatter about “anti-Ledger” schemes, with threat actors advertising specialized malware tools

Cybercriminals have developed sophisticated malware that replaces legitimate Ledger Live applications on macOS devices to steal cryptocurrency. The fake apps trick users into revealing their seed phrases through convincing security alerts.

Cybersecurity firm Moonlock discovered the malware campaign in a May 22 report. The malicious software completely replaces the real Ledger Live app on victims’ computers. Once installed, it displays fake pop-up messages claiming suspicious activity has been detected on the user’s wallet.

The fake alerts prompt users to enter their 24-word seed phrase for verification. When users comply, the malware immediately sends this sensitive information to servers controlled by the attackers. This gives criminals complete access to drain the victim’s cryptocurrency wallets within seconds.

Moonlock researchers found that attackers initially could only steal passwords and wallet details. However, the criminals have evolved their methods over the past year. They now focus specifically on extracting seed phrases, which provide complete wallet access.

How the Attack Works

The primary delivery method involves Atomic macOS Stealer malware. This software has been discovered on at least 2,800 compromised websites according to Moonlock’s investigation. The stealer first infects the target device through these malicious sites.

After successful infection, Atomic macOS Stealer collects personal data including passwords and notes. It then locates and removes the legitimate Ledger Live application. The malware replaces it with an identical-looking fake version that contains the malicious code.

The replacement happens seamlessly without alerting the user. Most victims remain unaware that their Ledger Live app has been compromised. The fake app functions normally until it triggers the fraudulent security alert.

Campaign Timeline and Scope

Moonlock has been monitoring this specific malware campaign since August 2024. Researchers have identified at least four separate active campaigns targeting Ledger users. The attacks appear to be increasing in frequency and sophistication.

Dark web forums show growing discussion about “anti-Ledger” schemes among cybercriminals. Threat actors are actively advertising malware tools with specialized features for targeting Ledger hardware wallet users. However, some advertised tools examined by Moonlock lacked the full functionality promised by sellers.

The cybersecurity firm believes these missing features may still be under development. Future updates to the malware could include more advanced anti-Ledger capabilities. This suggests the threat will likely continue evolving.

Prevention and Security Measures

Security experts recommend several steps to avoid these attacks. Users should be suspicious of any message requesting their 24-word recovery phrase. Legitimate services never ask users to enter seed phrases through pop-up alerts or websites.

Download Ledger Live only from official sources to avoid compromised versions. Users should also regularly verify their app installations and be cautious when visiting unfamiliar websites. Any unexpected security alerts should be verified through official Ledger support channels before taking action.

Moonlock’s research shows criminals are specifically targeting the trust users place in Ledger’s reputation. The attacks exploit users’ confidence in the Ledger brand by creating convincing replicas of the official software.

The cybersecurity firm has tracked this campaign for eight months with no signs of it slowing down. Dark web activity suggests more sophisticated attacks targeting Ledger users are being planned for future deployment.

The post Moonlock Reports New Malware Campaign Targeting Ledger Hardware Wallets appeared first on Blockonomi.

 

This articles is written by : Nermeen Nabil Khear Abdelmalak

All rights reserved to : USAGOLDMIES . www.usagoldmines.com

You can Enjoy surfing our website categories and read more content in many fields you may like .

Why USAGoldMines ?

USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.

Recent:

Crypto Trader Loses $100 Million in Leveraged Bitcoin Position on Hyperliquid Maisie Morrison | usag...

MicroStrategy CEO Says Proof-of-Reserves Create Security Risks for Bitcoin Companies Maisie Morrison...

Bitcoin Pioneer Adam Back Puts $1.4M Behind Swedish Firm’s Crypto Treasury Bet Maisie Morrison | usa...

Uniswap Foundation Reports First Quarter 2025 Revenue of $140.3 Million Maisie Morrison | usagoldmin...

Hyperliquid Exchange Hosts Record $1.1 Billion Bitcoin Long Position at 40x Leverage Maisie Morrison...

Strive Targets 75,000 Bitcoin Acquisition Through Mt. Gox Claims Maisie Morrison | usagoldmines.com

DigiAsia Corp Stock Jumps 90% Following $100M Bitcoin Treasury Announcement Maisie Morrison | usagol...

Metaplanet Acquires 1,004 Bitcoin for $104 Million, Total Holdings Reach 7,800 BTC Maisie Morrison |...

Coinbase to Join S&P 500 Index on May 19, First Crypto Company to Achieve Milestone Maisie Morri...

Animoca Brands Prepares for New York Listing as US Crypto Regulation Softens Maisie Morrison | usago...

Metaplanet Acquires 1,241 Bitcoin for $126.7 Million, Surpasses El Salvador’s Holdings Maisie Morris...

Robinhood Considers Solana and Arbitrum for Tokenized Securities Platform in Europe Maisie Morrison ...

BlackRock Bitcoin ETF Records 16 Days of Consecutive Inflows as BTC Tests $97K Maisie Morrison | usa...

Movement Labs Leadership Overhaul: Co-founder Terminated, Token Price Falls 10% Maisie Morrison | us...

Metaplanet Acquires 555 More Bitcoin as US-China Trade Talks Set to Resume Maisie Morrison | usagold...

eToro Targets $4 Billion Valuation in Upcoming Nasdaq IPO Maisie Morrison | usagoldmines.com

Dubai Family Office Funds $8.8B Maldives Blockchain Hub Project Maisie Morrison | usagoldmines.com

Strategy Reports 13.7% Bitcoin Yield in Q1 2025 Despite Missing Wall Street Estimates Maisie Morriso...

Metaplanet’s Bitcoin Buying Spree Heats Up with New US Subsidiary and $23M Raise Maisie Morrison | u...

North Korean Operative Exposed During Kraken Exchange Job Interview Maisie Morrison | usagoldmines.c...

Strategy Stock Rises 32% in April Before Q1 2025 Earnings Report Maisie Morrison | usagoldmines.com

Grayscale Bitcoin Adopters ETF Debuts as Corporate BTC Holdings Reach 750,000 Maisie Morrison | usag...

Trump Tower Dubai to Accept Cryptocurrency for $1B Luxury Condo Project Maisie Morrison | usagoldmin...

Metaplanet Reaches 5,000 Bitcoin Milestone, Now Holds $428 Million in BTC Maisie Morrison | usagoldm...

ZKsync Recovers $5.7 Million in Stolen Crypto After Bounty Negotiation Maisie Morrison | usagoldmine...

Jack Mallers to Lead Twenty One Capital with 42,000 Bitcoin Treasury Maisie Morrison | usagoldmines....

PayPal to Offer 3.7% Yield on PYUSD Stablecoin Starting Summer 2025 Maisie Morrison | usagoldmines.c...

Tesla Reports $951M in Bitcoin Holdings as Q1 Revenue Falls Short of Estimates Maisie Morrison | usa...

Bitcoin Bulls Unite: Cantor Fitzgerald’s $3 Billion Crypto Power Move Maisie Morrison | usagoldmines...

Trump Media Signs Agreement with Crypto.com to Launch “Made in America” ETFs Maisie Morrison | usago...

Strategy Acquires 6,556 Bitcoin for $556 Million, Total Holdings Reach 538,200 BTC Maisie Morrison |...

North Korean Hackers Converted 84% of Stolen Bybit ETH to Bitcoin Maisie Morrison | usagoldmines.com

Metaplanet Acquires 330 More Bitcoin, Total Holdings Reach 4,855 BTC Maisie Morrison | usagoldmines....

Binance Allocates 1,500 Staff to Help Nations Develop Crypto Reserve Frameworks Maisie Morrison | us...

Strategy Acquires 3,459 Bitcoin for $285.8 Million, Total Holdings Reach 531,644 BTC Maisie Morrison...

Michael Saylor Hints at New Bitcoin Acquisitions for MicroStrategy Maisie Morrison | usagoldmines.co...

Metaplanet Acquires $26.3 Million in Bitcoin, Plans 470% Holdings Increase by Year-End Maisie Morris...

Meta Whistleblower to Testify About Company’s Secret AI Cooperation with China Maisie Morrison | usa...

Strategy Reports $5.91 Billion Unrealized Bitcoin Loss in Q1 2025 Maisie Morrison | usagoldmines.com

Strategy Reports $5.91 Billion in Unrealized Bitcoin Losses for Q1 2025 Maisie Morrison | usagoldmin...

BlackRock CEO Larry Fink Predicts Possible 20% Further Market Decline Maisie Morrison | usagoldmines...

Gemini Exchange Leases Miami Office Space as SEC Case Paused Maisie Morrison | usagoldmines.com

Elon Musk’s X Faces Billion-Dollar EU Fine Over Content Moderation Failures Maisie Morrison | usagol...

Trump Media Stock Falls After SEC Filing for Potential Share Sale Maisie Morrison | usagoldmines.com

OnlyFans Founder and HBAR Foundation Submit Late Bid for TikTok Maisie Morrison | usagoldmines.com

Trump Brothers and Hut 8 Launch American Bitcoin Mining Venture with Plans to Go Public Maisie Morri...

Corporate Bitcoin Holdings Expected to Reach 25% of S&P 500 by 2030 Maisie Morrison | usagoldmin...

MARA Holdings Announces $2 Billion Stock Offering to Purchase Bitcoin Maisie Morrison | usagoldmines...

Metaplanet Issues ¥2 Billion in Zero-Interest Bonds to Fund Bitcoin Acquisitions Maisie Morrison | u...

France’s Bpifrance Allocates €25 Million for Blockchain Investment Maisie Morrison | usagoldmines.co...

The Blockchain Group Adds 580 Bitcoin to Treasury Holdings Maisie Morrison | usagoldmines.com

GameStop to Raise $1.4 Billion for Bitcoin Treasury Investment Maisie Morrison | usagoldmines.com

Crusoe Energy Sells Bitcoin Mining Operations to NYDIG, Focuses on AI Infrastructure Maisie Morrison...

GameStop Adds Bitcoin to Investment Policy Following Board Approval Maisie Morrison | usagoldmines.c...

Metaplanet Increases Bitcoin Holdings to 3,350 BTC, Valued at $291 Million Maisie Morrison | usagold...

Metaplanet Appoints Eric Trump to New Bitcoin Advisory Board Maisie Morrison | usagoldmines.com

Robinhood Receives ‘Buy’ Rating as Crypto Revenue Surges 700% in Q4 Maisie Morrison | usagoldmines.c...

Solana CEO Issues Apology for Advertisement Criticized as Discriminatory Maisie Morrison | usagoldmi...

Bakkt Stock Falls 27% Following Loss of Bank of America and Webull Partnerships Maisie Morrison | us...

Filmmaker Charged with Defrauding Netflix of $11 Million for Unfinished Series Maisie Morrison | usa...

Microsoft Security Team Reveals Details of StilachiRAT Cryptocurrency Theft Malware Maisie Morrison ...

Metaplanet Issues ¥2 Billion in Zero-Interest Bonds to Purchase Additional Bitcoin Maisie Morrison |...

Ark Invest Expands Crypto Holdings with $80M Bitcoin Purchase and $5.2M Coinbase Investment Oliver D...

Rumble Adds Bitcoin to Corporate Treasury with $17.1 Million Purchase Oliver Dale | usagoldmines.com

Metaplanet Acquires 162 Bitcoin for $13.5 Million, Issues New Bonds Oliver Dale | usagoldmines.com

Redacted to Launch RDAC Token on MocaList, Powered by Mocaverse and Coin List Oliver Dale | usagoldm...

Robinhood Settles FINRA Probes for $29.75 Million Over Compliance Issues Maisie Morrison | usagoldmi...

Blockstream Secures Multi-Billion Investment to Launch Bitcoin Lending Funds Oliver Dale | usagoldmi...

Metaplanet Boosts Bitcoin Holdings with $44 Million Purchase as Stock Surges Oliver Dale | usagoldmi...

Reddit Co-Founder Alexis Ohanian Joins Bid to Acquire TikTok & Move It to Blockchain Oliver Dale...

Metaplanet Increases Bitcoin Holdings to 2,391 BTC with New Purchase Maisie Morrison | usagoldmines....

Bitcoin Miner MARA Posts $214.4 Million Q4 Revenue, Beating Market Estimates Oliver Dale | usagoldmi...

AI Cloud Provider CoreWeave Plans $4 Billion IPO Filing as AI Cloud Computing Demand Surges Oliver D...

Nvidia (NVDA) Delivers Record Q4 Results Despite Recent AI Market Turbulence Oliver Dale | usagoldmi...

GameStop CEO Ryan Cohen Considers $4.6 Billion Bitcoin Purchase Recommendation Maisie Morrison | usa...

Strategy Adds 20,356 Bitcoin Worth $2 Billion to Holdings, Approaches 500,000 BTC Milestone Maisie M...

Market Maker Giant Wintermute Plans US Expansion as Regulatory Winds Shift Nicholas Say | usagoldmin...

Binance Co-Founders Refute Exchange Sale Rumors Maisie Morrison | usagoldmines.com

Bloomberg Launches Combined Bitcoin and Gold Investment Indices Maisie Morrison | usagoldmines.com

Metaplanet Secures MSCI Japan Listing with 1,762 Bitcoin Holdings Maisie Morrison | usagoldmines.com

KULR Technology Group Expands Bitcoin Treasury to 610 BTC Oliver Dale | usagoldmines.com

Riot Platforms Announces AI Computing Initiative and Board Appointments Maisie Morrison | usagoldmin...

Metaplanet Announces ¥4 Billion Bond Issue for Bitcoin Treasury Expansion Maisie Morrison | usagoldm...

LinksDAO Expands with New Token Launch & Historic Kansas City Golf Course Acquisition Oliver Dal...

Goldman Sachs Q4 Filing Shows $1.5B Bitcoin ETF Investment Maisie Morrison | usagoldmines.com

$1 Billion in Bitcoin: Tesla (TSLA) Reports $600 Million Bitcoin Gain Under New Accounting Rules Oli...

Bold Move: Elon Musk-Led Investor Group Offers $97.4B for OpenAI Acquisition Oliver Dale | usagoldmi...

Metaplanet Stock Rises 3,600% After Bitcoin Investment Strategy Maisie Morrison | usagoldmines.com

Ondo Finance Launches Specialized Blockchain for Real-World Asset Tokenization Maisie Morrison | usa...

From Micro to Macro: Strategy Rebrand Signals Software Company’s Transition to Bitcoin Focus Oliver ...

Singularity Finance Teams Up with Functionland to Boost Web3 Development Tool Oliver Dale | usagoldm...

Nuvve to Convert 30% of Excess Cash to Bitcoin Holdings Oliver Dale | usagoldmines.com

MicroStrategy Shareholders Approve 10.3 Billion Share Authorization for Bitcoin Strategy Oliver Dale...

TRON DAO Expands Wintermute Partnership to Boost Trading Liquidity Oliver Dale | usagoldmines.com

Video Platform Rumble Initiates Bitcoin Strategy with First Purchase Oliver Dale | usagoldmines.com

Komainu Secures $75M Bitcoin Investment from Blockstream Capital Partners Oliver Dale | usagoldmines...

MicroStrategy Reaches 450,000 Bitcoin Milestone After Latest Buy Oliver Dale | usagoldmines.com

Corporate Bitcoin Treasury Holdings Exceed 1 Million BTC in 2025 Oliver Dale | usagoldmines.com

Fidelity Report Details Bitcoin’s Transition from Speculation to Adoption Oliver Dale | usagoldmines...

MicroStrategy (MSTR) Trading Volume Matches Tech Giants as Corporate Bitcoin Holdings Grow Oliver Da...