#Ledger

Warning from Moonlock: A fake Ledger Live app targeting macOS users is stealing secret phrases to withdraw cryptocurrencies through malware that has spread since August on more than 2,800 sites.

Among the methods used by scammers to replace the original app is the Atomic macOS Stealer virus, designed to steal sensitive data, which has been detected - according to Moonlock - on at least 2,800 hacked websites.

"The fake app then displays a convincing alert about suspicious activity and asks the user to enter their secret phrase. Once entered, the phrase is sent to a server controlled by the attacker, putting the user's assets at risk within seconds."

To avoid falling victim to such attacks, Moonlock recommends that users be extremely cautious of any page claiming to have a "critical error" and requesting the entry of the 24-word recovery phrase.

It also advises against sharing the secret phrase with anyone, not to enter it on any website no matter how trustworthy it seems, and to ensure that the Ledger Live app is only downloaded from the official website.