According to The Hacker News, Kaspersky GReAT team’s latest report shows that a malicious software framework called OkoBot has been running on Windows systems since April 2025 and has already infected hundreds of devices in more than 25 countries. The framework includes a module called SeedHunter that specifically hijacks wallet desktop applications such as Ledger Live and Trezor Suite by implanting fake recovery pages inside the software, thereby tricking hardware wallet users into entering seed phrases. Kaspersky said the malicious software framework also has monitoring capabilities such as stealing browser credentials, screen recording, and keystroke logging, and the attackers have not yet been attributed to any known hacking organizations. Kaspersky advises users to regularly check whether their systems have scheduled tasks named “Apple Sync,” unusual remote desktop accounts, and outbound SSH connections.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned