Kaspersky discovers malware OkoBot, stealing encrypted wallet mnemonic words and credentials
According to Bits.media, Kaspersky researchers have discovered the malware OkoBot, which steals cryptocurrency wallet mnemonics and credentials through approximately 20 modules. Attackers use ClickFix social engineering techniques to trick users into running malicious commands and spread them through GitHub repositories disguised as legitimate tools such as SQL Server Management Studio. OkoBot includes modules such as SeedHunter, MC Keylogger, and OkoSpyware, which are used to inject hardware wallets, record keyboard and clipboard activity, and track wallet passwords. After obtaining mnemonic words, attackers can control the victim's encrypted assets.