Thehackernews
OkoBot Malware Targets Cryptocurrency Users to Steal Seed Phrases
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The OkoBot malware framework has been identified as a significant threat to cryptocurrency users, specifically targeting Ledger and Trezor wallets. This multi-stage malware captures sensitive information, including recovery phrases, browser credentials, wallet files, keystrokes, screenshots, and application video recordings. Researchers first detected OkoBot's activity in January 2026, but its TookPS downloader component has been operational since March 2025. The malware injects phishing mechanisms directly into Ledger and Trezor applications, making it particularly dangerous for users of these wallets. The full scope of the impact is still being assessed, but the potential for significant financial loss is high. Users are urged to remain vigilant and implement security measures to protect their assets.
Key Points: • OkoBot malware targets Ledger and Trezor wallets to steal recovery phrases. • The malware has been active since at least March 2025, with detection in January 2026. • Phishing injections into wallet applications increase the risk of credential theft.