"The OkoBot malware represents a significant threat to cryptocurrency owners," stated a Kaspersky analyst. As the malware framework enters an active phase, hundreds of users from 25 countries are at risk of losing their digital assets.

Kaspersky's Global Research and Analysis Team (GReAT) has highlighted a troubling shift in hacker tactics, as they are now targeting individuals who believed they were secure from such attacks. OkoBot intercepts functions of legitimate applications, including Ledger Live and Trezor Suite, and displays counterfeit verification windows to deceive users.

To protect themselves, Kaspersky recommends users adhere to three vital security practices: avoid entering seed phrases via a PC keyboard, refrain from executing third-party scripts from the internet, and check for hidden RDP access on their systems. The malware is deliberately aimed at IT professionals and software developers, often masquerading as popular work tools and distributing infected software through platforms like GitHub.

Kaspersky researchers have identified the malware within a fake installer for Microsoft SQL Server Management Studio. Furthermore, attackers are employing ClickFix attacks, a social engineering method that convinces users to run malicious code in a terminal under the guise of fixing browser errors. Analysts anticipate that OkoBot's geographical impact will grow, as the malware’s modular structure consists of over 20 components, including the Rilide infostealer and OkoSpyware modules.

This material is for informational purposes only and does not constitute financial advice.