Kaspersky Uncovers One of Most Dangerous Crypto-Stealing Bots for Wallet Owners

CN
U.today
Follow
3 hours ago

Experts from Kaspersky's Global Research and Analysis Team (GReAT) warn that hundreds of users across 25 countries are at risk of having their assets stolen as the dangerous OkoBot malware framework targeting cryptocurrency owners entered an active phase. 


Hackers have completely revised their tactics and are now targeting people who believed they were fully protected, analysts note in a new report.


The malware steals funds by intercepting the functions of the official Ledger Live, Ledger Wallet, and Trezor Suite applications and displaying a fake verification window. To avoid falling for this trick, users are advised to strictly follow three key security rules:


HOT Stories US Nets Just 15% of FTX's Shiba Inu (SHIB) Value; Bitcoin Does What AI Cannot, Binance Founder Explains; 70 Million XRP Lands in Millionaire Whale Wallets - Morning Crypto Report Shiba Inu Adds 60% in Weekly Spot Flows: Explaining What It Means for Price Health
  • Never enter a seed phrase using a PC keyboard
  • Do not execute third-party scripts from the internet
  • Check the system for hidden RDP access

In this campaign, attackers are deliberately targeting IT specialists and software developers. The initial compromise occurs when hackers disguise malware as popular work tools and distribute infected software through GitHub. 



Fake Ledger and Trezor recovery windows used by OkoBot hackers to siphon seed phrases, Source: Kaspersky's GReAT research (July 15 2026)

In particular, researchers have already discovered the malware inside a fake Microsoft SQL Server Management Studio (SSMS) installer.


At the same time, attackers are using sophisticated ClickFix attacks, a social engineering technique in which users are persuaded to copy and run malicious code in a terminal under the pretext of fixing an unexpected browser error.


What comes next: analysts' forecasts


According to Kaspersky GReAT, since the malware uses a modular structure consisting of more than 20 components, including the Rilide infostealer and the OkoSpyware surveillance module, the geographical reach of the attacks is expected to expand beyond the countries currently reporting the highest number of infections, led by Brazil, Vietnam, Canada, Mexico, and Turkey.



You Might Also Like
Mon, 07/13/2026 - 08:05 Beware of Memecoin Scams on Robinhood Chain: Scatman, Hood, and Cash Cat Copycats — Here's How to Avoid ThemByArman Shirinyan

New hidden extensions for Chromium-based browsers, including Chrome and Edge, are also expected to emerge. The malware can completely remove these extensions from the visible list of installed add-ons, leaving users unaware of their presence.


The final stage may involve the large-scale sale of access to victims' computers. After establishing persistence in a system, OkoBot secretly creates a new administrator account and opens a permanent SSH tunnel for remote control through RDP.


免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To
APP

X

Telegram

Facebook

Reddit

CopyLink