Kaspersky Discovers OkoBot Malware Stealing Crypto Wallet Seed Phrases With 20 Modules

According to Bits.media, Kaspersky security researchers discovered malware OkoBot, which has been active for over one year and uses approximately 20 modules to steal cryptocurrency wallet seed phrases and credentials. The attackers employ ClickFix social engineering techniques to deceive users into running malicious commands and distribute the malware through GitHub repositories disguised as legitimate tools such as SQL Server Management Studio. Key modules include SeedHunter, which injects hardware wallets like Trezor and Ledger and displays fake recovery interfaces; MC Keylogger, which records keyboard and clipboard activity; and OkoSpyware, which tracks wallet passwords and records window video. Once attackers obtain seed phrases, they gain complete control of victims' crypto assets.

Most victims are distributed across Brazil, Vietnam, Canada, Mexico, and Turkey. The attackers have implemented geographic blocks against IP addresses in Russia and Commonwealth of Independent States countries.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments