Cryptocurrency owners at risk: New OkoBot malware platform discovered

Experts from Kaspersky GReAT, specializing in cybersecurity, have identified a new malicious platform called OkoBot, designed to steal cryptocurrency funds and personal data from users. According to researchers, this cyberattack campaign has been ongoing for over a year and remains in an active phase. This is reported by Ixbt.com reports.
The OkoBot platform includes over 20 modules capable of stealing not only logins and passwords but also the secret seed phrases required to access crypto wallets. The malware can install spyware browser extensions, record user screen activity, and log every keystroke (keylogger). This means all of a user's digital activity is at risk.
Attack methods and social engineering
Attackers primarily use social engineering techniques to trap victims. Specifically, through the ClickFix scheme, users are coerced into running malicious code under the guise of fixing a software error. Additionally, the malware is distributed on the GitHub platform disguised as legitimate and useful services.One of the most dangerous aspects of the OkoBot system is its attack on hardware wallets. A special module monitors the launch of popular hardware crypto wallet applications like Trezor and Ledger. Subsequently, the program displays a fake "system recovery" page and asks the user to enter their seed phrase. Once this information is obtained, criminals drain all funds from the wallet.
Target audience and geography
According to the publication ixbt.com, the primary targets of the cybercriminals are developers and other IT professionals. This is no coincidence, as this category of users often holds significant crypto assets and regularly uses platforms like GitHub. Attacks have been recorded in over 25 countries worldwide so far, including Brazil, Canada, Turkey, Mexico, and Vietnam.Experts note that Russian-language artifacts found in the program code may provide clues about the origins of those behind this campaign. Users are advised to take the following security measures:
- Do not download programs from unknown sources or suspicious repositories on GitHub;
- Never enter your hardware wallet seed phrase on any website;
- Regularly check your list of browser extensions;
- Use two-factor authentication (2FA) systems.























Comments 0
…