Kaspersky Flags OkoBot Malware Targeting Crypto Wallet Seed Phrases Across Multiple Countries
AI Market Summary
Kaspersky's discovery of OkoBot, a modular malware targeting wallet seed phrases via ClickFix social engineering and GitHub impersonation, underscores persistent endpoint and supply-chain risks for self-custody users. By enabling full asset takeover and near-irreversible losses, the campaign can depress near-term retail risk appetite and increase sensitivity to security headlines, particularly across affected regions (Brazil, Vietnam, Canada, Mexico, Turkey).
Impact level
● Medium
Affected assets
BTC/USDT+0.46%
AI Insight · BTC/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Kaspersky researchers have identified a new piece of malware dubbed OkoBot that steals cryptocurrency wallet seed phrases and login details using roughly 20 separate modules, Bits.media reported, citing Mars Finance.
The campaign relies on the ClickFix social-engineering method to persuade users to run malicious commands. Distribution is carried out through GitHub repositories masquerading as legitimate software, including tools presented as SQL Server Management Studio.
Key components include SeedHunter, which inserts counterfeit recovery interfaces into hardware wallets such as Trezor and Ledger during seed-phrase recovery; MC Keylogger, which captures keystrokes and clipboard activity; and OkoSpyware, which monitors wallet passwords and records window video. With a seed phrase in hand, attackers can fully take over a victim's crypto holdings, leaving recovery of funds highly unlikely.
Kaspersky said OkoBot has been active for more than a year. Most victims are located in Brazil, Vietnam, Canada, Mexico, and Turkey. The operators also use geofencing to block IP addresses from Russia and other CIS countries.