Kaspersky Lab experts have discovered OkoBot – a platform consisting of more than 20 modules for stealing cryptocurrency and wallet data. It intercepts passwords and keystrokes, records what happens in the application window, and installs malicious browser extensions.
Attackers convince people to run a dangerous command themselves or place infected files on GitHub disguised as regular programs. One of the lures was an installer for a Microsoft database tool.
The SeedHunter module is particularly dangerous. It monitors the launch of Trezor Suite, Ledger Wallet, and Ledger Live, and then displays a fake recovery window. If a seed phrase is entered there, criminals gain access to crypto assets.
Infection attempts have been made against hundreds of users in more than 25 countries, but most often they occurred in Brazil, Vietnam, Canada, Mexico, and Turkey. This campaign has been ongoing for over a year and is still active. Who is behind the attacks is unknown: researchers found Russian-language traces, but this is not enough for accurate conclusions.
Read more on the topic:
It will be possible to legally buy cryptocurrencies as early as November: The Central Bank is preparing rules for the first operations
Scammers create fake Moscow Exchange "gateway": Russians promised cryptocurrency at Central Bank exchange rate
Cryptocurrency at the checkout: T-Bank uncovers scheme with QR codes and drop cards

Комментарии