Hackers sell fake Ledger apps to steal cryptocurrencies

  • The kit includes anti-detection functions, keylogging and notifications via Telegram.

  • Coinciding with the detection of the kit, a user lost 5.9 BTC when using a fake Ledger app.

Dark Web Informer, a cybersecurity and analysis team, reported on April 12 that a malicious actor is selling a phishing kit designed to imitate the interfaces of Ledger, the hardware wallet manufacturer.

The kit includes anti-detection, keylogging and real-time notifications via Telegram, allowing the attacker to receive instant alerts when a victim enters their information, according to the Dark Web Informer report.

Consistent with what Dark Web Informer described, although without a verified connection, a user on X claimed to have lost 5.9 bitcoins (BTC), equivalent to approximately USD 423,000, after downloading a fake Ledger application from the Apple App Store.

“I lost my retirement fund in a hack. All my BTC disappeared in an instant. I lost 5.9 BTC, all I had for ten years,” he wrote.

Why is a fake Ledger app dangerous?

Ledger hardware wallets, that is, physical devices, store the user’s private keys in isolation, without an internet connection. However, to operate, the device needs to connect to a software application installed on the user’s computer or phone, called Ledger Live. This application is the interface that allows you to view balances, send and receive cryptocurrencies, and manage the device.

A fake app imitating Ledger Live can trick the user into entering their recovery phrase, the 24 words that restore access to funds on any device. If an attacker obtains that phrase, they can access the funds without needing the physical device and empty the wallet.

This deception is precisely what is known as phishing: a technique in which an attacker impersonates a legitimate service, in this case Ledger, so that the victim voluntarily hands over sensitive information, believing they are interacting with the real platform.

Unlike a technical hack that forces access to a system, phishing exploits user trust; it does not break the lock, but rather tricks the victim into handing over the key.

Some key tips to protect yourself from phishing. Source: CriptoNoticias.

Ledger’s recommendations

On April 13, the Ledger team published a series of safety reminders on X. According to its statement, Ledger never contacts its users by direct messages or phone calls to provide support, never asks for the 24-word recovery phrase, never asks to enter it online or photograph it, and only distributes its official app through its ledger.com website.

Finally, the team also reminded users that the recovery phrase must remain offline at all times and that any application, email, message or website that requests it is an attempted theft.


