Kaspersky: Malware OkoBot steals crypto wallet seed phrases, users in multiple countries affected

robot
Abstract generation in progress

PANews July 18 news, citing Bits.media: Kaspersky security researchers have found a new malware, OkoBot, which steals cryptocurrency wallet seed phrases and credentials through about 20 modules. The attackers use the ClickFix social engineering technique to trick users into running malicious commands, and spread it via GitHub repositories disguised as legitimate tools such as SQL Server Management Studio. OkoBot’s modules include: SeedHunter injecting into hardware wallets like Trezor and Ledger, showing a fake interface when recovering seed phrases; MC Keylogger recording keyboard and clipboard activity; OkoSpyware tracking wallet passwords and recording window videos. Once the attackers obtain the seed phrases, they can fully control the victims’ crypto assets, and the funds are almost impossible to recover. Kaspersky said OkoBot has been in existence for more than a year, with most victims located in Brazil, Vietnam, Canada, Mexico, and Turkey. The attackers also implemented geo-blocking for IP addresses in Russia and CIS countries.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned