Login
Sign Up
Woofun AI reports that cybersecurity firm Kaspersky has identified a new malware framework named OkoBot, which targets cryptocurrency investors using social engineering and trojanized GitHub applications. The malware is capable of exfiltrating crypto wallet files, browser data, and user credentials, while also injecting malicious extensions and intercepting wallet application windows to steal assets.
Kaspersky states that attacks involving this malware family have been detected since January 2026. The framework evolved from TookPS, first identified in 2025, which was previously distributed via trojan downloaders through fake software websites. Separately, SlowMist disclosed that a new wave of malicious activity is infiltrating Web3 developers' devices through fake LinkedIn recruitment opportunities, tricking them into installing dependencies that steal project keys and wallet extension data.