Kaspersky Unveils OkoBot Malware Framework Targeting Cryptocurrency Investors
2026-07-18 11:47
Odaily Odaily News: Cybersecurity firm Kaspersky has disclosed that a new malware framework called OkoBot is targeting cryptocurrency investors through social engineering tactics and trojanized GitHub applications. The malware can steal crypto wallet files, browser data, and user credentials, as well as inject malicious extensions and intercept wallet application windows to steal assets.
Kaspersky reports that attacks involving this malware family have been detected since January 2026. The framework evolved from TookPS, which was first identified in 2025 and was previously distributed via trojan downloaders through fake software websites.
Separately, cybersecurity firm SlowMist has disclosed that a new wave of malicious activity is infiltrating Web3 developers' devices through fake LinkedIn recruitment opportunities. Attackers, impersonating Web3 recruiters, send fake GitHub repositories, tricking developers into pulling code, installing dependencies, and running projects, ultimately stealing project keys, cloud credentials, or wallet extension data.
Kaspersky reports that attacks involving this malware family have been detected since January 2026. The framework evolved from TookPS, which was first identified in 2025 and was previously distributed via trojan downloaders through fake software websites.
Separately, cybersecurity firm SlowMist has disclosed that a new wave of malicious activity is infiltrating Web3 developers' devices through fake LinkedIn recruitment opportunities. Attackers, impersonating Web3 recruiters, send fake GitHub repositories, tricking developers into pulling code, installing dependencies, and running projects, ultimately stealing project keys, cloud credentials, or wallet extension data.
