Kaspersky Flags OkoBot Malware Targeting Crypto Wallet Seed Phrases and Login Data

AI Market Summary
Kaspersky's discovery of OkoBot highlights elevated operational risk for retail crypto holders: the malware targets seed phrases and credentials via ClickFix social engineering and GitHub-hosted fake tools. This reinforces security-driven headwinds for self-custody adoption and can temporarily pressure broader crypto sentiment as users reassess wallet hygiene, especially around hardware-wallet injection and keylogging/clipboard theft vectors.
Impact level
● Medium
Affected assets
BTC/USDT+0.44%
AI Insight · BTC/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Kaspersky researchers have identified a new malware strain dubbed OkoBot that targets cryptocurrency users by stealing wallet seed phrases and account credentials, according to Bits.media. The toolkit reportedly relies on roughly 20 separate modules and is distributed through GitHub repositories that pose as legitimate software, including fake versions of tools such as SQL Server Management Studio. Attackers use a social-engineering method known as ClickFix to persuade victims to run malicious commands. Kaspersky says OkoBot's modules include SeedHunter, MC Keylogger, and OkoSpyware, which can tamper with hardware-wallet interactions, capture keystrokes and clipboard data, and track wallet passwords. With a recovered seed phrase, threat actors can seize control of a victim's crypto assets.