Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
OkoBot Malware Targets Ledger, Trezor Wallets

OkoBot Malware Targets Ledger, Trezor Wallets

Posted on July 15, 2026 By CWS

Introduction to OkoBot Malware

A sophisticated malware framework, known as OkoBot, has been targeting Windows systems since April 2025, aiming at cryptocurrency hardware wallet users. The malware attempts to steal recovery phrases from users of Ledger and Trezor wallets.

Kaspersky’s Global Research and Analysis Team (GReAT) reported the malware is active in over 25 countries, with Brazil, Vietnam, Canada, Mexico, and Türkiye seeing the highest number of affected users. The malware exploits legitimate wallet software to execute its attack.

How SeedHunter Operates

One of OkoBot’s key components is SeedHunter, a module designed to capture recovery phrases from wallet applications. Once it infiltrates a system, SeedHunter monitors for applications like Trezor Suite and Ledger Live, injecting itself into these programs.

The module connects to a server, moonsand[.]store, and waits for a real Ledger or Trezor device to be connected. Upon detection, it displays a fake recovery phrase request page within the authentic application, deceiving users into typing their sensitive information.

Distribution Tactics of OkoBot

OkoBot spreads through various methods, including trojanized software downloads and phishing lures. For example, a GitHub repository falsely advertised SQL Server Management Studio but delivered a compromised version of Audacity embedded with malicious code.

Another distribution path involves TookPS, a PowerShell downloader, which facilitates the installation of additional malware components and establishes a connection to attacker-controlled servers, allowing further data exfiltration and system control.

Security Implications and Recommendations

The OkoBot framework deploys numerous surveillance tools, including keyloggers and video recording software, to monitor user activity and capture sensitive information. It also manipulates system configurations to maintain persistence and evade detection.

Users are advised to be vigilant and avoid entering recovery phrases unless prompted by their hardware device. Regularly updating software, using trusted download sources, and employing robust security solutions can mitigate the risk of infection.

Conclusion and Future Outlook

With no specific vulnerabilities in the hardware wallets themselves, the focus remains on securing endpoints and software environments. As cybercriminal tactics evolve, staying informed and adopting comprehensive security measures is crucial for safeguarding digital assets.

The Hacker News Tags:crypto theft, Cryptocurrency, cyber attack, cyber threat, Cybersecurity, hardware wallet, Kaspersky, Ledger, Malware, OkoBot, Phishing, security breach, SeedHunter, Trezor, Windows malware

Post navigation

Previous Post: Critical Vulnerability in Cursor Exposes Windows Systems
Next Post: Security Flaws Addressed by Fortinet, Ivanti, and ServiceNow

Related Posts

Salesforce Experience Cloud Faces Security Threats Salesforce Experience Cloud Faces Security Threats The Hacker News
Russian Hacker Jailed for M Ransomware Scheme in U.S. Russian Hacker Jailed for $9M Ransomware Scheme in U.S. The Hacker News
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack The Hacker News
Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro The Hacker News
Secure Your System: Eliminate Orphaned Identities Secure Your System: Eliminate Orphaned Identities The Hacker News
North Korean Hackers Exploit GitHub in South Korea Cyber Attacks North Korean Hackers Exploit GitHub in South Korea Cyber Attacks The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Insignary Unveils Clarity On-Demand for SBOMs Without Commitment
  • Security Flaws Addressed by Fortinet, Ivanti, and ServiceNow
  • OkoBot Malware Targets Ledger, Trezor Wallets
  • Critical Vulnerability in Cursor Exposes Windows Systems
  • CISA Demands Urgent SharePoint Security Fixes

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Insignary Unveils Clarity On-Demand for SBOMs Without Commitment
  • Security Flaws Addressed by Fortinet, Ivanti, and ServiceNow
  • OkoBot Malware Targets Ledger, Trezor Wallets
  • Critical Vulnerability in Cursor Exposes Windows Systems
  • CISA Demands Urgent SharePoint Security Fixes

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark