Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets, writes Bleeping Computer*.
Published with the name Ledger Live Web3, the fake application appears to have been present in the Microsoft Store since October 19, but the cryptocurrency theft started being reported just a couple of days ago. Blockchain enthusiast ZachXBT alerted the cryptocurrency community on November 5 of a fraudulent Ledger Live application in the Microsoft Store. Microsoft reacted on the same day and removed the app from the store.
Faking crypto pages and apps are sadly nothing new. As far back as 2017, we could observe fake apps – then in the Google Play Store. Google since have ramped up its protection mechanisms, but it is worrisome that major stores like the Microsoft Store, in the current case, can be misused to spread such malicious apps. Thanks to the quick reaction of Microsoft, the damage could be limited this time, and one may assume they’ve also improved security measures. But it’s just as worrisome that users fell for an app that didn’t even try to appear legitimate.
Our best advice with any banking or finance app is to follow the trail from the vendor’s official website to their offering in the according app stores on mobile OS devices, such as iPhones and Android phones, but also to install security apps able to scan any downloaded content and apps and block potentially harmful fakes. Last year, we gathered a few more safety tips and background information on our official blog.
by Thomas Ulemann, ESET
*ESET does not bear any responsibility for the accuracy of this information.
ESET Ireland 