• 2 min read
OkoBot targets crypto wallets in 25+ countries
Kaspersky says OkoBot has been active for more than a year, stealing crypto wallet data with 20+ modules and fake recovery pages.

Image: iXBT
Kaspersky GReAT says it has uncovered a malware platform called OkoBot built to steal cryptocurrency and user data, with the campaign active for more than a year and still ongoing.
According to the company, OkoBot includes more than 20 modules that can steal credentials and seed phrases, install malicious browser extensions, track user activity, and log keystrokes.
Infections spread through social engineering, including the ClickFix scheme, as well as through GitHub, where the malware is disguised as legitimate software. Kaspersky said one module watches for launches of hardware wallet apps from Trezor and Ledger. It then shows a fake account recovery page designed to capture the victim’s seed phrase.
Attack attempts have been recorded in more than 25 countries, including Brazil, Vietnam, Canada, Mexico, and Turkey. Kaspersky’s experts estimate that developers and other IT professionals are among the attackers' main targets.
The researchers also said the techniques used and the Russian-language artifacts they found may point to the origin of those behind the campaign.

Recommended reading
Microsoft spots spike in ACR Stealer attacks
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via iXBT


