Fake Ledger Security Update Targets Crypto Users in Phishing Scam

Malicious actors have launched a new wave of phishing scams against crypto wallet Ledger users, urging them to update their software to introduce a new feature that would enhance their device transparency and security.

Thomas Roccia, senior malware and threat researcher at Microsoft, revealed via a tweet that the Ledger scam is “very clean,” implying that unsuspecting users are likely to fall victim to the phishing emails because they appear legit.

Scams Target Ledger Users

According to a screenshot of the email shared by Roccia, scammers impersonating Ledger claim that the new feature – Clear Signing – ensures users remain in full control of their devices and assets. 

Clear Signing purportedly allows users to review and verify all transaction details directly on their Ledger device screen before any approvals are made. 

“Whether you’re transferring funds, interacting with smart contracts, or using decentralized apps (dApps), Clear Signing ensures that every detail-such as recipient address, amount, and fees is fully visible and accurate,” they stated in the email.

The irony of the email is that the scammers claim the update eliminates the risk of users “blind signing” – a situation where malicious software could tamper with users’ transactions without their knowledge. Clear Signing purportedly eliminates the blind signing risk by ensuring users see what they are signing on their devices.

Malicious Update Deadline by October 31

Interestingly, the scammers urged Ledger users to activate the update by October 31 to ensure their devices are secured and protected from phishing attacks and increasingly sophisticated fraudulent activities.

The phishing email contains a malicious link to “quickly” activate the Clear Signing update. While the link appears to be for activating the update, Ledger users would lose access to their devices and assets upon interaction with it.

“We urge you to activate Clear Signing before October 31, 2024, to ensure uninterrupted access to your Ledger device and continued protection for your assets. Visit Ledger-ClearSigning today to enable this important security feature. Thank you for choosing Ledger. We are committed to keeping your assets safe,” the scammers added. 

Phishing scams, which are becoming increasingly rampant in the crypto industry, have tricked users into willingly giving scammers access to their wallets and digital assets. These attacks have been responsible for multi-million dollar losses this year and are bound to cause more losses in the future as investors continuously fall victim to their gimmicks.