
Cybersecurity company Kaspersky said a newly identified malware framework is targeting cryptocurrency investors through social engineering tactics and trojanized GitHub apps.
Kaspersky has uncovered a new malware framework targeting cryptocurrency investors.
Dubbed “OkoBot,” the malware initiates an infection chain that starts with social engineering tactics such as ClickFix, which tricks users into running malicious commands, or trojanized GitHub apps that deliver a backdoor to infected devices, the cybersecurity company wrote in a Wednesday report.
The malware can harvest crypto wallet files, browser data and user credentials, inject malicious extensions and capture wallet application windows to steal assets. Kaspersky said it identified multiple attacks involving this malware family since January 2026.




Comments (No)