Login
Sign Up
Woofun AI reports that Kaspersky security researchers have identified OkoBot, a new malware strain designed to exfiltrate cryptocurrency wallet recovery phrases and credentials through approximately 20 distinct modules. The threat actors employ ClickFix social engineering tactics to deceive users into executing malicious commands, distributing the software via GitHub repositories disguised as legitimate utilities such as SQL Server Management Studio.
OkoBot’s architecture includes SeedHunter, which injects into hardware wallets like Trezor and Ledger to display fake interfaces during recovery; MC Keylogger, which records keyboard and clipboard activity; and OkoSpyware, which monitors wallet passwords and captures window video. Once recovery phrases are compromised, attackers gain full control over assets, rendering fund recovery nearly impossible. Kaspersky noted the malware has operated for over a year, with victims primarily located in Brazil, Vietnam, Canada, Mexico, and Turkey, while IP addresses from Russia and CIS countries are blocked.