The malicious package features a redesigned 2025 UI inspired by Ledger’s authentic interface, anti-bot protection mechanisms, a responsive design for both desktop and mobile platforms, and seed phrase capture functionality that enables the theft of private keys.
Threat actors market the phishing kit through dark web channels, claiming the tool serves “educational purposes” while providing download links through anonymized file-sharing services.
The vendors invite direct messages for additional information, indicating organized distribution networks targeting Ledger users specifically.
The attackers exploited their access to manipulate the victim into submitting a transaction that designated the attacker as a valid Venus delegate, allowing them to borrow and redeem funds on the victim’s behalf.
These attacks account for the highest number of security breaches recorded this year, stressing the effectiveness of social engineering tactics against cryptocurrency users.
The actors marketed the Ledger impersonation tools for educational purposes, but SOCRadar researchers noted that the intent appears fraudulent.
If true, scammers could soon use these tools to exploit user trust in established security products and facilitate large-scale theft operations.
