Users of the Ripple payment network have been robbed of $160,000 in XRP, the company’s cryptocurrency. After an immediate investigation, Xrplorer Forensic’s cybersecurity team discovered the cause: a fake Ledger Live crypto wallet extension for the Google Chrome browser.
One of its latest installation files, “Update.exe”, surfaced on March 25. More than 3,000 people have already downloaded it, according to Russian antivirus company Dr. Web. The scammers’ main targets are the USA, Canada, Australia, the UK, Israel, and Turkey.
The XRP owners downloaded the faux Ledger Live updates in the hope of setting up cold storage transfers. Unbeknown to them, the fake software requested access to the “Post” method. This allowed the malware to obtain passphrases and security codes and drain no less than 1.5 million XRP so far.
Despite being cybercrime tools, the scam Ledger extensions are still advertised on Google and use Google Docs for data, according to Xrplorer Forensic.