PANews reported on May 23 that according to Cointelegraph, the cybersecurity company Moonlock released a report on May 22 that hackers are stealing macOS user mnemonics and clearing crypto assets through fake Ledger Live applications. The malware replaces the genuine application in the device and pops up a fake pop-up window to induce users to enter mnemonics, and then transmits the data to the attacker's server. The attack mainly uses the Atomic macOS Stealer malicious program, which has infected at least 2,800 websites. The program can not only steal data such as passwords and wallet information, but also implant fake Ledger Live applications. Moonlock found that there have been four active attack activities since August 2023, and hacker technology continues to upgrade. Malware advertisements that even boast "anti-Ledger" functions have appeared in dark web forums, but actual tests show that the relevant functions have not yet been perfected.

Moonlock warned that such attacks directly target users' trust in Ledger Live, and recommended that users only download the application from official channels and never enter or share the mnemonic phrase on any website. As of press time, Ledger has not commented on the matter.