Kaspersky discloses the malware framework OkoBot targeting cryptocurrency investors

robot
Abstract generation in progress

Odaily Planet Daily reports that cybersecurity company Kaspersky disclosed that a new malware framework called OkoBot is targeting cryptocurrency investors through social engineering tactics and GitHub applications infected with trojans. The malware can steal crypto wallet files, browser data, and user credentials, and it injects malicious extensions, intercepts wallet application windows to steal assets.

Kaspersky said it has identified multiple attacks involving this malware family since January 2026. The framework evolved from TookPS, which was first identified in 2025 and had previously distributed a trojan downloader by impersonating software websites.

Separately, cybersecurity firm SlowMist disclosed that a wave of new malicious activity is infiltrating Web3 developers’ devices via fake LinkedIn job opportunities. Attackers pose as Web3 recruiters, send fake GitHub repositories, lure developers into pulling code, installing dependencies, and running the project, and ultimately steal project keys, cloud credentials, or wallet extension data.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned