Home > Quick > Body

Kaspersky Researchers Detect OkoBot Malware Targeting Crypto Wallet Seed Phrases

clock
2026-07-18 10:03:49
Kaspersky security researchers have identified a new malware strain called OkoBot that uses about 20 modules to steal crypto wallet seed phrases and credentials.

According to ChainCatcher, attackers spread the malware through GitHub repositories disguised as legitimate tools such as SQL Server Management Studio and use ClickFix social engineering to trick users into running malicious commands.

The malware includes a SeedHunter module that injects fake recovery screens into Trezor and Ledger hardware wallets, an MC Keylogger that records keyboard and clipboard activity, and OkoSpyware, which tracks wallet passwords and records window video.

Kaspersky said that once attackers obtain a seed phrase, they can fully control a victim's crypto assets, and the funds are nearly impossible to recover.

The company said OkoBot has existed for more than a year, with most victims located in Brazil, Vietnam, Canada, Mexico, and Turkey. Attackers have also geo-blocked IP addresses from Russia and CIS countries.
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
New Tab Page - Desk3 | Plugin
Stay ahead of the game in the cryptocurrency space.