Close Menu
StreamLineCrypto.comStreamLineCrypto.com
  • Home
  • Crypto News
  • Bitcoin
  • Altcoins
  • NFT
  • Defi
  • Blockchain
  • Metaverse
  • Regulations
  • Trading
What's Hot

Polymarket: Le Pen 32% in 2027 French race, volume tops $114.8M

July 18, 2026

SWIFT built its answer to stablecoins: Bank money

July 18, 2026

SUI Prints Bullish Flag Pattern As Traders Watch For Breakout

July 18, 2026
Facebook X (Twitter) Instagram
Saturday, July 18 2026
  • Contact Us
  • Privacy Policy
  • Cookie Privacy Policy
  • Terms of Use
  • DMCA
Facebook X (Twitter) Instagram
StreamLineCrypto.comStreamLineCrypto.com
  • Home
  • Crypto News
  • Bitcoin
  • Altcoins
  • NFT
  • Defi
  • Blockchain
  • Metaverse
  • Regulations
  • Trading
StreamLineCrypto.comStreamLineCrypto.com

Kaspersky exposes OkoBot’s 20-module crypto wallet attack

July 18, 2026Updated:July 18, 2026No Comments4 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Kaspersky exposes OkoBot’s 20-module crypto wallet attack
Share
Facebook Twitter LinkedIn Pinterest Email
ad

Kaspersky has uncovered OkoBot, a year-old malware operation that makes use of roughly 20 modules to steal crypto pockets restoration phrases and has affected customers throughout not less than 5 international locations.

Abstract

  • Kaspersky uncovered OkoBot utilizing roughly 20 modules to steal crypto pockets credentials.
  • The malware has affected customers in Brazil, Vietnam, Canada, Mexico, and Turkey.
  • OkoBot makes use of pretend restoration screens, keylogging, spy ware, and ClickFix instructions to focus on victims.

Kaspersky researchers found that the malware has remained energetic for greater than a yr, in keeping with a report printed by Bits.media. Most recognized victims have been situated in Brazil, Vietnam, Canada, Mexico, and Turkey, whereas the operators blocked IP addresses from Russia and different Commonwealth of Unbiased States international locations.

Distributed by way of GitHub repositories, OkoBot is disguised as professional software program, together with Microsoft SQL Server Administration Studio. Kaspersky discovered that the attackers depend on the ClickFix social engineering technique, which tips victims into operating malicious instructions on their very own gadgets.

The approach typically presents customers with pretend error messages, verification steps, or restore directions. Following these instructions causes victims to execute code that installs the malware with out realizing the command is malicious.

OkoBot targets seed phrases and pockets credentials

Amongst OkoBot’s modules, SeedHunter shows a pretend restoration interface linked to {hardware} wallets akin to Ledger and Trezor, in keeping with Kaspersky. When customers enter their restoration phrases into the fraudulent display screen, the module sends the knowledge to the malware operators.

A second module referred to as MC Keylogger data keyboard enter and displays clipboard exercise, permitting it to seize passwords, copied pockets addresses, and different credentials. OkoSpyware can monitor pockets passwords and file movies of open home windows, giving attackers one other solution to observe exercise on an contaminated system.

As soon as a restoration phrase is uncovered, the attackers can use it to take management of the related pockets and transfer its property. Kaspersky warned that victims have little probability of recovering stolen cryptocurrency as a result of blockchain transfers are typically irreversible.

The malware’s modular design additionally lets its operators acquire various kinds of info from a single contaminated system. Based on the safety firm’s findings, OkoBot can goal each pockets entry information and credentials linked to different companies used on the system.

ClickFix assaults have additionally focused crypto builders

OkoBot is the most recent malware marketing campaign discovered utilizing ClickFix towards the cryptocurrency sector. As crypto.information reported in April, North Korea’s state-backed Lazarus Group used the identical approach in a macOS marketing campaign generally known as “Mach-O Man.”

Citing analysis from CertiK, the report discovered that Lazarus despatched pretend on-line assembly invites to fintech and crypto executives. Victims have been instructed to stick supposed restore or verification instructions into the macOS Terminal, which put in malware able to stealing cryptocurrency and company info.

CertiK additionally discovered that the Mach-O Man toolkit deleted itself after operating, making forensic evaluation harder. The marketing campaign mixed social engineering with terminal-level instructions as a substitute of relying solely on malicious file downloads.

Developer instruments have supplied one other route into crypto techniques. In Might, crypto.information reported that TrapDoor malware was distributed by way of poisoned software program packages concentrating on builders in cryptocurrency, decentralized finance, synthetic intelligence, and safety infrastructure.

Based on that report, TrapDoor sought pockets information, API keys, cloud credentials, and SSH entry tied to companies and ecosystems together with Coinbase, Binance, MetaMask, Courageous, Solana, Sui, and Aptos. Researchers additionally discovered hidden prompts designed to govern Claude and Cursor into operating pretend safety scans that uncovered secrets and techniques and transmitted them to the attackers.

ad
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Related Posts

SWIFT built its answer to stablecoins: Bank money

July 18, 2026

The traditional bank account is facing an existential threat from digital wallets

July 18, 2026

Bitcoin is trading through a dangerous weekend as 20% of the world’s oil hangs in the balance

July 18, 2026

China found a $125 billion escape valve for an economy running out of momentum

July 18, 2026
Add A Comment
Leave A Reply Cancel Reply

ad
What's New Here!
Polymarket: Le Pen 32% in 2027 French race, volume tops $114.8M
July 18, 2026
SWIFT built its answer to stablecoins: Bank money
July 18, 2026
SUI Prints Bullish Flag Pattern As Traders Watch For Breakout
July 18, 2026
The traditional bank account is facing an existential threat from digital wallets
July 18, 2026
Polymarket 2028 odds: Vance leads at 19.75% as SAVE Act debate simmers
July 18, 2026
Facebook X (Twitter) Instagram Pinterest
  • Contact Us
  • Privacy Policy
  • Cookie Privacy Policy
  • Terms of Use
  • DMCA
© 2026 StreamlineCrypto.com - All Rights Reserved!

Type above and press Enter to search. Press Esc to cancel.