Crypto2Community
HomeCrypto NewsReviewsGuidesGamblingTradingPress Release

Crypto 2 Community

  • About Us
  • Editorial Policy
  • Why Trust Us
  • Contact Us
  • Privacy Policy
  • Submit a Press Release

Cryptocurrency

  • Best Cryptos to Buy Now
  • Best Crypto Exchanges
  • How To Buy Cryptocurrency
  • Best Crypto Wallets
  • Best Altcoins to Buy

Gambling

  • Best Bitcoin Casinos
  • Best Ethereum Casinos
  • Best Crypto Live Casinos
  • Best Crypto Faucet Casinos
  • Provably Fair Bitcoin Casinos

Best Platforms

  • eToro Review
  • BC.Game Review
  • Jackbit Review
  • Metaspins Review
  • CryptoLeo Review

© 2026 Crypto2Community.com

CAUTION: The content presented on this platform is not intended as financial guidance, and we lack the authorization to offer investment advice. Any material found on this website should not be construed as an endorsement or recommendation of any specific trading strategy or investment decision. The information provided herein is of a general nature, and therefore it is essential to evaluate it in the context of your objectives, financial circumstances, and requirements.

Investment activities involve speculation and entail inherent risks to your capital. This website is not intended for utilization in jurisdictions where the described trading or investment activities are prohibited, and it should only be accessed by individuals who are legally permitted to do so. Depending on your country or state of residence, your investment may not be eligible for investor protection, hence it is advisable to conduct thorough research independently or seek appropriate guidance. While this website is accessible to you free of charge, please note that we may receive commissions from the companies featured on this site.

Disclosure: 18+ Rules regarding online gambling vary from country to country, please ensure you are following them and gamble responsibly. The content on this website is provided for entertainment purposes only. We may utilise affiliate links within our content, and receive commission.

Home/Crypto News
Crypto News

Malware Uses Fake Ledger Live Apps to Steal Seed Phrases on macOS

Raymond Munene
Written byRaymond Munene
Crypto Writer
Fact checked byJoshua Downes
UpdatedMay 23, 2025
Our disclosure policy →
!

Cryptocurrency trading is speculative and your capital is at risk when you trade. We may earn affiliate commissions from some of the products on this page - at no extra cost to you.

ShareTweetShareLinkedIn
Malware Uses Fake Ledger Live Apps to Steal Seed Phrases on macOS

Highlights:

  • Cybercriminals use fake Ledger Live apps to steal crypto seed phrases from MacOS users.
  • Over 2,800 websites host malware linked to these attacks.
  • Attackers replace the real app to trick users into entering seed phrases.

Fake versions of Ledger Live apps are being used by cybercriminals to gain macOS users’ cryptocurrency seed phrases. As per a recent report, these false wallet apps mimic the original wallet manager, making it possible for many to give their sensitive recovery phrases without knowing.

Advertisement

Banner

Since August 2024, the cybersecurity company Moonlock has been following this operation. The firm identified over four active campaigns that used malicious versions of Ledger Live. Cloned apps act like the real app to trick users into typing their 24-word recovery phrase after an error message appears.

Fake Ledger Live app drains users' assets by stealing their seed phrases: Moonlock

Cybercriminals are leveraging a fake Ledger Live app to replace the legitimate one on macOS users’ devices, thereby stealing their seed phrases and draining their crypto assets, Cointelegraph…

— CoinNess Global (@CoinnessGL) May 23, 2025

Malware Replaces Original Ledger App on Compromised Devices

Atomic macOS Stealer, known as AMOS, is the key method that cybercriminals depend on. The malware is hidden inside software downloads and spreads after infecting more than 2,800 websites. After installation, the fake app displays in place of the real Ledger Live app.

This fraudulent page gives users warnings about questionable activity in their wallet. After that, the wallet prompts users to enter their seed phrase again, supposedly to confirm access. Once users follow the steps, their information goes directly to an attacker’s server.

It was also found by security researchers that usernames, web browser data, information on wallets, and system details are captured by the malware. Such details let hackers carry out more effective attacks in the future and design better-looking phishing screens.

New Variants Emerge, Pushing More Advanced Attacks

Several versions of new malware have emerged since March. One example, called Odyssey, copies the Ledger Live app and creates fake phishing pages that seem realistic. It tells users they must recover their wallet after showing a phony “critical error” message. After that, the malware takes the phrase and delivers it to a command-and-control server.

AMOS released a fake app by using a DMG file called “JandiInstaller.dmg” in a similar campaign. This new version got past Gatekeeper and once again used the same phishing technique. Users who entered their seed phrase got a warning saying the app was corrupt, which slowed their ability to suspect anything while their money was being drained.

In addition, researchers at Jamf found a separate campaign providing a PyInstaller-packed binary in a DMG file. A phishing page was shown by opening an iframe within the replicated application. With this configuration, the tool collected seed keys and gathered data from browsers and wallets.

Attackers are using PyInstaller to deploy infostealers on macOS. Jamf Threat Labs investigates this newly discovered technique.

Learn more: https://t.co/XnNxAAlKnO#CyberSecurity #JamfThreatLabs #ITAdmins #macOS

— Jamf (@JamfSoftware) May 12, 2025

Threat Continues Evolving with New Tools and Strategies

Anti-Ledger messages are becoming more common on dark web forums, according to security professionals. Some types of malware promise to provide tools specifically aimed at Ledger users. But, according to investigators, several of these features are still being developed or have not been fully launched.

Despite that, attackers are still making their techniques more advanced. The current set of samples exhibits better-looking user interfaces and more convincing phishing strategies. New groups are copying their approaches and also spreading similar clones.

According to researchers, seed phrases must be provided exclusively for setting up a wallet or restoring it on the physical Ledger device, not through apps or websites. Additionally, Ledger Live should only be downloaded directly from the Ledger official website.

eToro Platform

Best Crypto Exchange

  • Over 90 top cryptos to trade
  • Regulated by top-tier entities
  • User-friendly trading app
  • 30+ million users
9.9

5 Stars

Visit eToro

eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.

Advertisement

Banner

Tags

CybersecurityLedger LiveMacOSMalwarePhishingScam
Raymond Munene
Crypto2CommunityContributor
Author

Raymond Munene

Raymond Munene is a crypto content writer who contributes to Crypto2Community. With over three years of experience, he is interested in Bitcoin, Blockchain, and Technical Analysis. Focusing on daily market analysis, his research helps traders and investors alike. His particular interest in cryptocurrency and blockchain aids his audience.

View full profile →
i
How we work

About Crypto2Community's Editorial Process

Crypto2Community's editorial policy is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict editorial policy and sourcing standards, and each page undergoes diligent review by our team of top crypto industry experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

More by this author

  • Lawson to Test Yen Stablecoin Payments at Convenience Stores in Japan
  • Ripple Backs UK Plan to Move Tokenized Wholesale Markets Into Live Trading
  • Best Cryptocurrencies to Invest in Today, July 13 – Ethereum, Solana, XRP
Continue reading

Related Articles

Lawson to Test Yen Stablecoin Payments at Convenience Stores in JapanCrypto News
Lawson to Test Yen Stablecoin Payments at Convenience Stores in Japan
Crypto News4 minutes ago
Chinedu Agbakwusi
By Chinedu Agbakwusi7/13/2026
Ripple Backs UK Plan to Move Tokenized Wholesale Markets Into Live TradingCrypto News
Ripple Backs UK Plan to Move Tokenized Wholesale Markets Into Live Trading
Crypto News13 minutes ago
Austin Mwendia
By Austin Mwendia7/13/2026
Best Cryptocurrencies to Invest in Today, July 13 – Ethereum, Solana, XRPCrypto News
Best Cryptocurrencies to Invest in Today, July 13 – Ethereum, Solana, XRP
Crypto News1 hours ago
Austin Mwendia
By Austin Mwendia7/13/2026

Advertisement

Banner

Advertisement

Banner

🔥Latest offers

Play Now

9.85 Stars

🔥 Get up to 60% with all rewards

Play Now →

Claim Bonus

9.65 Stars

💸 300% deposit bonus up to 20,000 USD

Claim Bonus →

Visit eToro

9.95 Stars

Best Crypto Exchange 2025

Visit eToro →

Virtual currencies are highly volatile. Your capital is at risk.

Visit KuCoin

9.55 Stars

Trading features & low fees

Visit KuCoin →

Popular Topics

  • Sei Price Prediction 2025, 2030, 2040
  • Uniswap Price Prediction 2025, 2030, 2040
  • Near Protocol Price Prediction 2025, 2030, 2040
  • Loopring Price Prediction 2025, 2030, 2040
  • Chainlink Price Prediction 2025, 2030, 2040

Trending News

  • Lawson to Test Yen Stablecoin Payments at Convenience Stores in Japan
  • Ripple Backs UK Plan to Move Tokenized Wholesale Markets Into Live Trading
  • Crypto Weekly Market Wrap July 13 – ETF Flows, Regulation, Security Breaches, and Institutional Moves
  • Best Cryptocurrencies to Invest in Today, July 13 – Ethereum, Solana, XRP
  • SBI Group to Launch JPYSC Stablecoin Lending Service With 3% Annual Yield This Month
  • Tom Lee Predicts Bitcoin Above $100K and Ethereum Above $5K by Year-End
  • Fidelity Says Bitcoin May Be Entering a Key Accumulation Zone
  • Singapore Police and Crypto Exchanges Prevent $4.2 Million in Potential Scam Losses
  • Michael Saylor and Adam Back Warn Against Bitcoin’s BIP 110 Proposal
  • Suspected Hedera Network Exploit Sends Over $5.8M to Ethereum
  • IMF Paper Warns Stablecoins Could Fuel Currency Runs During Market Stress
  • Bitcoin ETFs End Eight-Week Slide with $197 Million Inflow 
  • Best Memecoins to Invest in Today, July 11 – PEPE, FLOKI, SHIB
  • USDT on TRON Climbs to Record $90.3B Despite Broader Stablecoin Decline
  • XRP Ledger Activity Falls to 2026 Lows as Interest in XRP Drops
  • Robinhood Says Agentic AI Crypto Trading Is Coming Soon
  • Five Senate Democrats Demand Hearings Over Trump’s $1.4 Billion Crypto Earnings
  • Celestia Price Analysis – TIA Targets $0.52 Breakout as AI Demand Strengthens Bull Case
  • Morpho Price Prediction – MORPHO Eyes $3 as Demand Strengthens
  • Ethereum Foundation Team Disbands Protocol Support as Restructuring Deepens