Kaspersky Unveils OkoBot Malware Framework Targeting Cryptocurrency Investors
2026-07-18 11:47
Odaily News Cybersecurity firm Kaspersky has revealed that a new malware framework named OkoBot is targeting cryptocurrency investors through social engineering tactics and trojanized GitHub applications. The malware can steal crypto wallet files, browser data, and user credentials, as well as inject malicious extensions and hijack wallet application windows to steal assets.
Kaspersky stated that multiple attacks involving this malware family have been identified since January 2026. The framework evolved from TookPS, which was first identified in 2025 and was distributed via fake software websites hosting trojan downloaders.
Separately, cybersecurity firm SlowMist disclosed that a new wave of malicious activity is infiltrating Web3 developers' devices through fake LinkedIn job opportunities. Attackers pose as Web3 recruiters and send fraudulent GitHub repositories, tricking developers into pulling code, installing dependencies, and running projects, ultimately stealing project keys, cloud credentials, or wallet extension data.
Kaspersky stated that multiple attacks involving this malware family have been identified since January 2026. The framework evolved from TookPS, which was first identified in 2025 and was distributed via fake software websites hosting trojan downloaders.
Separately, cybersecurity firm SlowMist disclosed that a new wave of malicious activity is infiltrating Web3 developers' devices through fake LinkedIn job opportunities. Attackers pose as Web3 recruiters and send fraudulent GitHub repositories, tricking developers into pulling code, installing dependencies, and running projects, ultimately stealing project keys, cloud credentials, or wallet extension data.
