Hardware wallet manufacturer Ledger has warned its users that new malware affecting Windows users is attempting to obtain their 24-word recovery phrases.
The malware is a phishing attempt: it replaces the desktop Ledger Live app with a malicious one, which asks users to enter their recovery phrase after a fake update.
WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update. Please refer to our security best practices https://t.co/MlAUlgoqj9 pic.twitter.com/Qzr3o4xaOq
— Ledger (@Ledger) April 25, 2019
The Ledger team believes that the malware targets only Windows users; it has not been found to affect mobile users.
The team also urges users not to enter their recovery phrase should they encounter a form like the one the malware presents. The team has put up a detailed blog post on how not to fall prey to attackers.
Both Ledger and Trezor, the most popular hardware wallet manufacturers, have had security vulnerabilities pointed out in their products. Ledger published a blog post that detailed flaws in Trezor’s wallet, to which Trezor responded.