Hackers Target macOS With Fake Ledger Apps, Steal Crypto

Hackers are ramping up efforts to compromise macOS users by deploying malware through counterfeit versions of Ledger Live, the software used to manage Ledger hardware cryptocurrency wallets, according to research by Moonlock. Since August 2024, at least four distinct campaigns have been identified, with attackers refining tactics to bypass Apple’s security measures and steal users’ seed phrases.

Originally focused on harvesting credentials and wallet information, these campaigns have quickly evolved into full-scale phishing operations capable of draining wallets within seconds. A key development is the emergence of the “Odyssey stealer,” a malware strain that mimics legitimate Ledger Live interfaces, prompting victims to enter their 24-word recovery phrases under the guise of resolving fake critical errors.

The malware uses advanced evasion techniques, including virtual machine detection, to avoid analysis. The growing sophistication of these attacks poses a broader risk to the cryptocurrency ecosystem, undermining trust in cold wallet security and exposing users to potential financial loss.