Kaspersky: The OkoBot malware framework is targeting Ledger and Trezor users for mnemonic phrase phishing

robot
Abstract generation in progress
According to The Hacker News, Kaspersky GReAT’s latest report shows that the malicious software framework named OkoBot has been running on Windows systems since April 2025 and has already infected hundreds of devices in more than 25 countries. The framework includes a module called SeedHunter that specifically hijacks desktop wallet applications such as Ledger Live and Trezor Suite, injecting fake recovery pages within the software to trick hardware wallet users into entering their seed phrases. Kaspersky said the malicious software framework also contains monitoring functions such as stealing browser credentials, screen recording, and keylogging, and that the attackers have not yet been attributed to any known hacking organizations. Kaspersky advises users to regularly check whether the system has scheduled tasks named “Apple Sync,” abnormal remote desktop accounts, and outbound SSH connections.
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 5
  • Repost
  • Share
Comment
Add a comment
Add a comment
Stock2Crypto
· 3h ago
Thanks for the reminder! I’ve checked the scheduled tasks and haven’t found anything unusual for now, but I still decided to reinstall the system just in case.
View OriginalReply0
MemeTokenMaxi
· 3h ago
In addition to what’s mentioned in the article, it’s recommended to also check the registry for any suspicious auto-start entries—safety first.
View OriginalReply0
BouncePersona
· 3h ago
Screen recording plus keystroke logging feels like an APT-level trojan—ordinary users probably can’t defend against it at all, right?
View OriginalReply0
RollingArtist
· 3h ago
This OkoBot is so sneaky—it even pretends to be Apple Sync. Everyone, quickly check your Task Manager.
View OriginalReply0
SurfStopLoss
· 3h ago
Even Ledger and Trezor dare to hijack—this operation is really brutal. Don’t enter your seed phrase on any webpage.
View OriginalReply0
  • Pinned