Bitcoin Forum
July 16, 2026, 11:57:07 PM *
News: Latest Bitcoin Core release: 31.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: OkoBot: new sophisticated malware framework targets cryptocurrency users  (Read 45 times)
SatsPH (OP)
Member
**
Offline

Activity: 108
Merit: 67

For JM


View Profile
Today at 10:37:22 AM
 #1

Kaspersky has recently released their finding about a malware framework called OkoBot. It is said that this malware has been running since April 2025. And one of it's modules is build and targets hardware wallet owners to type their recovery phase.



And this module is called SeedHunter. So once you installed and your device is infected, it watches for the following hardware wallet:

  • Trezor Suite
  • Ledger Wallet
  • Ledger Live

It even has the capability to wait, as it scans for USB by vendor and product ID (very smart), then wait for the real hardware to be plug in your computer.



So this threat is really very dangerous as it targets specific device which is the hardware wallet.

As for the victims it is reported to be:



I also urged to read the report, it's very complicated as I only touch the ones that is important.



https://securelist.com/okobot-framework-targets-cryptocurrency-wallets/120660/

348Judah
Hero Member
*****
Offline

Activity: 1512
Merit: 684



View Profile
Today at 01:31:35 PM
 #2

What amazes me about this whole thing is that scam cannot be regulated and the more they are discovering about the particular route they are using, the higher their chances of discovering for more possible route to engage in attacking people, this shows that we have to give it a level of commitment to advancing our security measures and keep updated from time to time so that we don't fall a victim of any.

Patikno
Sr. Member
****
Offline

Activity: 896
Merit: 320



View Profile WWW
Today at 05:39:11 PM
 #3

The victims may not have reached my country yet, but it is possible the malware will soon affect other countries that; haven't been affected by the virus or malware. So, I think this news needs to be heeded to prevent more victims. Furthermore, the malware also has a keylogger that can record the activity of infected users, and OkoSpyware also monitors various crypto-related applications. In addition, the malware also monitors browsers and installed extensions.

I think we need to be careful about what we do online, especially if we are trying to download files from unofficial sources. It should be better not to proceed.

According to the source OP attached, the malware is implanted into applications that "seem legitimate, or official", even though there are already malware ready to attack potential victims. Therefore, I think the solution is to be wary of downloading files from search engines.

The source the OP attached also provides an example: the Audacity application in one case. After I tried to visit the official website, it turns out that Audacity provides a "Checksum" to ensure the integrity of the files they provide, so that people who want to download them can try to match the code, and I think it is the same as a digital signature that can be verified.

█████████████████████████████
█████████████████████████
█████████████████████████
███████████▀▄▀███████████
██▄▀▀▀██▀▄███▄▀██▀▀▀████
██▌▐███▄▄█████▀███████▐██
████████████████████████
███▌▐████████████████▐███
████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████████
 rizzy 
██████
██
██
██
██
██
██
██
██
██
██
██
██████
█▌█▌█▌████
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌██
█▌█▌█▌████
████████████

 
████████████
██████████████████████████████████████████████████████████████████
 
THE HOME OF THE
   MOST REWARDING   
GAMING EXPERIENCE
██████████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████████
100%DEPOSIT
MATCH
+ 100 FREE SPINS
██████████████████████████████████████████████████████████████████
████████████

 
████████████
████▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
██▐█▐█▐█
████▐█▐█▐█
██████
██
██
██
██
██
██
██
██
██
██
██
██████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
joniboini
Legendary
*
Offline

Activity: 2982
Merit: 1909



View Profile WWW
Today at 07:14:11 PM
 #4

What amazes me about this whole thing is that scam cannot be regulated and the more they are discovering about the particular route they are using, the higher their chances of discovering for more possible route to engage in attacking people,
Based on past malwares, we know some of them utilize known weakness that has been patched in newer software version or something similar, but users failed to protect themselves properly by installing fake apps and whatnot. So it's not like they're always one step ahead of security researchers. The problem is whether the users aware of any possible attack vectors on the internet. I'm not saying they should understand what this specific CVE means, but it doesn't take a lot of time to research the general rule that malwares spread through downloaded files, users need to open them and give permissions, etc.

▄▄████████████████████▄▄
▄███████▀▀██████▀▀███████▄
████████████████████████
████████▄▄██████▄▄██████

████████████████████████
██▄▄█████████████▄▄██████
██▀▀██████████████████▄▄██
██████▀▀██████████████▀▀██
██████████████████████████
██████▀▀██████▀▀████████
████████████████████████
▀███████▄▄██████▄▄███████▀
▀▀████████████████████▀▀
 
 DΞX.fo 
▄▄██████
█████████
██████████
█████████
██████████
█████████
▀▀██████

▄███████
▄██████████
████████████
█████████████
█████████████
|
▄▄█
▄████▀
▄███▀
▄██▀▄██
█████▀▀
███████
████████
▀██▄████
▄████▄▄
▄█████▀███
▄█████▀████
█████▀███████
▀██▀█████████
|  BTC     XMR  
  DAI     LTC  
   Fees  0.8%    
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!