Ledger Secure, an extension for Google Chrome, isn’t related to Ledger, the hardware wallet maker with a similar name. Instead, it passes a user’s seed phrase back to the creator of the extension, claimed @BTCSchellingPt.
Their suspicions were confirmed by the official support account for Ledger, which tweeted, “A Chrome extension malware has been detected called "Ledger Secure". This is NOT a legitimate Ledger application...DO NOT use it and contact us if you've installed it.”
The malware has caught one victim, who goes by “hackedzec” on Twitter. The user claims to have had 600 ZCash, the equivalent of around $16,000, stolen from them.
The user had only ever entered their seed phrase on their computer once, two years ago. And the user also remembered photocopying the seed phrase, using a printer that was connected to the computer through WiFi.
But then the user noticed a random file on their computer that led them to a Twitter account run by Ledger Secure, the fake Ledger app.
Hackedzec’s story surfaced just a few days after Harry Denley, the director of security at MyCrypto, discovered that “Shitcoin Wallet”, a browser-based Ethereum wallet that is listed on Google Chrome’s Web Store, was also malicious. Denley found that Shitcoin Wallet stole users’ private keys, as well as login information for sites such as Binance.
Google’s listing of the malicious applications also comes at the same time as it overturned a brief ban against MetaMask, the browser-based Ethereum wallet interface, on its Google Play Store. Google claimed in late December that MetaMask had violated its terms of service for financial apps; it linked MetaMask to mobile mining. MetaMask claimed it wasn’t a mining app, and its ban has subsequently been overturned.
Google might not have a problem with the crypto industry—but, after all the bad press, the industry is definitely starting to ask questions about Google.