Kaspersky reveals OkoBot malware framework targeting crypto investors
2026-07-18 11:47
Odaily reported that cybersecurity firm Kaspersky has disclosed a new malware framework named OkoBot, which is targeting cryptocurrency investors through social engineering tactics and trojanized GitHub applications. The malware can steal crypto wallet files, browser data, and user credentials, as well as inject malicious extensions and intercept wallet application windows to steal assets.
Kaspersky stated that it has detected multiple attacks involving this malware family since January 2026. The framework evolved from TookPS, which was first identified in 2025 and distributed trojan downloaders via fake software websites.
Separately, cybersecurity firm SlowMist disclosed that a new wave of malicious activity is infiltrating Web3 developers' devices through fake LinkedIn job opportunities. The attackers pose as Web3 recruiters, sending fraudulent GitHub repositories to lure developers into cloning code, installing dependencies, and running projects, ultimately stealing project keys, cloud credentials, or wallet extension data.
Kaspersky stated that it has detected multiple attacks involving this malware family since January 2026. The framework evolved from TookPS, which was first identified in 2025 and distributed trojan downloaders via fake software websites.
Separately, cybersecurity firm SlowMist disclosed that a new wave of malicious activity is infiltrating Web3 developers' devices through fake LinkedIn job opportunities. The attackers pose as Web3 recruiters, sending fraudulent GitHub repositories to lure developers into cloning code, installing dependencies, and running projects, ultimately stealing project keys, cloud credentials, or wallet extension data.
