Malware targeting its desktop application was detected by hardware cryptocurrency wallet manufacturer ledger. This was tweeted via the company’s Twitter handle on April 25th of April 2009. A bug was detected by the ledger and warned its user, stating the malware locally replaces the ledger live desktop app with a malicious one, and advised to follow security practices published on its blog. The company’s twitter announcement reads explicitly:
“WARNING: we have detected a malware that locally replaces the ledger live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update”
The ledger revealed in the comments that the malware is infecting only windows machines, the company also went on to reveal that only one affected device has been detected. The ledger further stated that the malware only represents a phishing attack in a bid to lure users into entering their 24-words recovery phrases and could not compromise user’s computers or digital currency. It was also pointed out by the ledger that the malicious software did not come from its websites or servers. Still, the company was not able to discover the means of infection at that time.
The team of researchers behind the dubbed “wallet.Fail” hacking project laid claims, stating that they were able to install any firmware on ledger Nano S. while the team made use of this weakness to play a game of snake on the device, a member of the team who found the exploit also claimed:
“we can send malicious transactions to the ST31 [the secure chip] and even confirm it ourselves [via software,] or we can even go and show a different transaction [not the one that is being sent] on the screen.”
They also demonstrated a weakness, found in the ledger blue, the most expensive hardware wallet produced by the company which comes with a color touchscreen. The researcher explained that there is an unusually long trace on the motherboard used to transport signals to the screen, which is why it leaks those signals as radio waves. When a USB cable is attached to the device, the formerly mentions leaked signals become strong enough to be quickly received from a distance of several meters.
Following the claim of the researchers, the ledger stated that the uncovered vulnerabilities in its hardware wallets are not critical. The reason for stating that was “they did not succeed to extract any seed nor pin on a stolen device” and “sensitive assets stored on the secure element remain secure.”