Loading market data...
ALL

Kaspersky identifies malware framework targeting crypto investors

Source: Cointelegraph | Summary by ChikoCorp|
|2 min read
Kaspersky identifies malware framework targeting crypto investors
Visit source

AI-assisted summary based on the linked source. Verify market-moving details at the original publisher before acting.

Kaspersky has identified a new malware framework called "OkoBot" that specifically targets cryptocurrency investors. The infection process begins with social engineering methods, including a tactic named ClickFix that deceives users into executing malicious commands and trojanized GitHub applications that install backdoors on victim devices. Once active, OkoBot is capable of harvesting crypto wallet files, browser data, user credentials, injecting harmful browser extensions, and capturing wallet application screens to steal digital assets. The cybersecurity firm noted that attacks involving this malware have been detected since January 2026.

The OkoBot framework is an evolution of a previous malware campaign called "TookPS," first discovered in 2025, which distributed Trojan downloaders through fake software websites. One distinguishing feature of OkoBot is its use of an SSH tunnel to manage all 20 malicious payloads remotely, enabling attackers to securely exfiltrate data from infected computers. This technical advancement increases the malware’s stealth and effectiveness, raising concerns about potential widespread copycat attacks.

In a related development, SlowMist reported a parallel malware campaign aiming at Web3 developers by impersonating recruiters on LinkedIn. Attackers pose as recruiters and send fake GitHub repositories alleged to contain essential interview project files. These malicious repositories deliver remote access Trojans that allow attackers to steal sensitive information such as project keys, cloud credentials, and wallet extension data. This approach mimics legitimate development workflows, making it challenging for targets to detect the threat.

Both campaigns reflect evolving attack strategies targeting the cryptocurrency ecosystem and its developers through social engineering and technical sophistication. These incidents underscore the growing risk to crypto asset security by increasingly subtle malware distribution techniques, emphasizing the need for heightened vigilance among investors and blockchain professionals. The ongoing threat landscape also highlights the challenges in securing remote work environments where software downloads and code collaboration are routine.

Read the original source

RELATED ARTICLES

> JOIN THE ALPHA

Get breaking crypto news before your friends do. Join 50,000+ degens receiving alpha directly to their inbox.

>
[ENCRYPTED][NO_SPAM][UNSUBSCRIBE_ANYTIME]