In responses to the article, Ledger disclosed that the malware infects only Windows systems, even though the company supposedly identified only one computer affected.
Ledger further observed that the malware could not endanger computers or digital currency of users, but only reflects a phishing attack in an attempt to attract users to share their 24-word retrieval phrases.
The company’s Twitter announcement specifically reads:
WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update. Please refer to our security best practices https://t.co/MlAUlgoqj9 pic.twitter.com/Qzr3o4xaOq
— Ledger (@Ledger) April 25, 2019
Ledger also noted out that malware did not arise from its homepage or servers, but at the time the company did not identify the method of attack. Last December, the team of researchers behind the so-called “Wallet.fail” hacking venture asserted they could deploy any system software on a Ledger Nano S.
While the group of coders used this weakness to play the Snake game on the gadget, one group member who found the security flaw argued:
“We can send malicious transactions to the ST31 [the secure chip] and even confirm it ourselves [via software,] or we can even go and show a different transaction [not the one that is actually being sent] on the screen.”
The group also found weakness in the company’s most costly hardware wallet, the Ledger Blue, which boasts of a color touchscreen. The inputs are transmitted on the motherboard by an exceptionally long trace, the academic described, and that’s why it releases those inputs as radio signals.
When a USB cable is connected to the device, the above-mentioned circulated radio waves allegedly become powerful enough to be readily collected from a range of many meters.
Ledger asserted that the exposed security flaws in its hardware wallets are not crucial. Ledger said the weakness was not crucial because “they failed to extract seed or PIN on a stolen device,” and “sensitive assets stored on the Secure Element remain secure.”