BleepingComputer reports that more than $768,000 worth of cryptocurrency assets have been exfiltrated by the fraudulent cryptocurrency management app Ledger Live Web3, which has since been removed from the Microsoft Store.
Threat actors were able to exfiltrate nearly $600,000 from individuals who downloaded the fake Ledger app before proceeding to steal another $180,000 through another cryptocurrency wallet, according to ZachXBT.
Further examination of Ledger Live Web3's page on the Microsoft Store revealed little effort from the fraudsters to establish legitimacy, with the app shown to have "Official Dev" as its developer name and a lone five-star rating, as well as a description lifted from the real Ledger app's entry in the Apple Store. Attackers also used the GitBook documentation management platform to set up a webpage for the fake app that touted its Microsoft Store availability.
Such a development suggests that Microsoft's vetting process for apps in its app store is inadequate, said ZachXBT. Microsoft has yet to comment on its app screening process.