COINTURK NEWSCOINTURK NEWSCOINTURK NEWS
  • Crypto Tracker App
  • Bitcoin
  • Altcoin
  • Ethereum
  • Advertise
  • Contact
  • TURTURTUR
  • ESESES
Search
© 2024 COINTURK NEWS. All Rights Reserved.
Reading: Kaspersky uncovers OkoBot malware stealing crypto assets, SlowMist warns of fake Web3 job scams
Share
Font ResizerAa
COINTURK NEWSCOINTURK NEWS
Font ResizerAa
Search
  • Crypto Tracker App
  • Bitcoin
  • Altcoin
  • Ethereum
  • Advertise
  • Contact
  • TURTURTUR
  • ESESES
Follow US
© 2025 >> COINTURK NEWS
Powered by LK SOFTWARE
COINTURK NEWS > Cryptocurrency News > Kaspersky uncovers OkoBot malware stealing crypto assets, SlowMist warns of fake Web3 job scams
Cryptocurrency News

Kaspersky uncovers OkoBot malware stealing crypto assets, SlowMist warns of fake Web3 job scams

In Brief

  • 🚨 Kaspersky uncovers OkoBot malware attacking crypto wallets through SSH tunnels.

  • 🧑‍💻 OkoBot harvests credentials and crypto assets, with attacks traced back to January 2026.

  • 🔗 SlowMist warns fake Web3 jobs on LinkedIn are spreading wallet-stealing trojans.

  • 🔥 Web3 developers face growing risks as attackers exploit $ETH project workflows.
Güvenç Koçkaya
Güvenç Koçkaya 2 hours ago
Share
SHARE

Kaspersky has identified a new malware framework called “OkoBot” that is specifically targeting cryptocurrency investors, the cybersecurity firm revealed in a report published on Wednesday.

Contents
Malware evolves to target wallets and credentialsFake Web3 job offers and developer-targeted malware

Malware evolves to target wallets and credentials

According to Kaspersky, OkoBot starts its infection process using social engineering strategies, such as deploying ClickFix tactics that mislead users into running malicious commands. The malware can also be delivered through trojanized GitHub applications, which infect devices with a backdoor designed to steal sensitive information.

Once installed, OkoBot can extract crypto wallet files, browser data, and user account credentials. The framework is also capable of injecting harmful browser extensions and capturing wallet application windows, giving attackers the means to steal digital assets.

Kaspersky reported multiple detected attacks involving the OkoBot family since January 2026. The company observed that OkoBot is an evolution of a previous malware campaign known as “TookPS,” first identified in 2025, which used fake software websites to distribute Trojan downloaders. By expanding on these tactics, OkoBot provides an entry point for potential copycat operations.

A notable feature of OkoBot is its orchestration of 20 separate malicious payloads through an SSH tunnel. This approach allows attackers to conduct remote data transfers from infected systems directly to external machines under their control, streamlining the theft of user information and digital assets.

Mini dictionary: SSH tunnel – A secure network protocol that enables encrypted connections between devices, often used by attackers in cyber intrusions to transfer data covertly between infected systems and command-and-control servers.

Kaspersky highlighted that the OkoBot campaign delivers all its malicious payloads via an SSH tunnel, giving attackers direct access to harvest sensitive crypto data from compromised systems.

Fake Web3 job offers and developer-targeted malware

In a separate development, blockchain security company SlowMist has warned Web3 developers about a sophisticated new threat emerging through fraudulent LinkedIn recruitment campaigns.

Attackers impersonate Web3 recruiters on LinkedIn and contact blockchain developers with offers of job opportunities. They follow up by providing links to fake GitHub repositories, claiming these contain a minimum viable product needed for a technical interview. This tactic mirrors authentic interview workflows, leading developers to download, install, and execute harmful code without suspicion.

The malicious files are designed to deliver a remote access trojan, giving bad actors complete control over infected devices. With access, attackers can steal project keys, cloud service credentials, and crypto wallet extension data.

SlowMist stated that these campaigns are becoming increasingly common, with attackers using multiple professional scenarios such as recruitment, code reviews, and collaborative projects to trick developers into activating malicious repositories.

According to SlowMist, attackers now “leverage scenarios such as recruitment, code reviews, and project collaborations to trick developers into actively running malicious repositories,” making the attacks challenging to detect.

Just a day prior to its Saturday report, SlowMist warned about a related malware campaign targeting macOS users, which aims to steal user credentials and hijack Telegram sessions. These attacks ultimately direct victims to fraudulent websites where they are prompted to input wallet recovery phrases, placing investor funds at risk.

Mini dictionary: SlowMist – A blockchain security firm specializing in blockchain ecosystem audits, threat monitoring, and vulnerability detection for Web3 projects.

You can follow our news on X, Telegram, Facebook & Coinmarketcap
Disclaimer: The information contained in this article does not constitute investment advice. Investors should be aware that cryptocurrencies carry high volatility and therefore risk, and should conduct their own research.

You Might Also Like

US seizes $1 billion in Iranian crypto, largest sanctions-related confiscation to date

Injective files SEC transfer agent application as price eyes $6 target

Warren urges Trump to disclose crypto holdings as Senate prepares for key crypto bill vote

Florida returns record $710,000 to crypto fraud victim in Jacksonville

SBI Holdings acquires majority stake in Coinhako after MAS approval

Güvenç Koçkaya 18 July, 2026 - 3:27 pm 18 July, 2026 - 3:27 pm
Share This Article
Facebook Twitter
Share
Güvenç Koçkaya
By Güvenç Koçkaya
Follow:
The author, a medical doctor and health economist, produces content on cryptocurrency markets, blockchain technologies, digital assets, and global finance.As a cryptocurrency writer and investor, he closely follows Bitcoin, altcoins, market trends, macroeconomic developments, token economies, and innovations in the digital asset ecosystem. By combining perspectives from health economics and financial analysis, he evaluates developments in cryptocurrency markets using a clear and data-driven approach.
Previous Article TrustedVolumes recovers $2 million in ETH after hacker settlement
Next Article Dogecoin holds key support near $0.07 as monthly test against Bitcoin looms
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

8.1k Like
21.1k Follow
1.1k Follow

Latest News

XRP Ledger’s tokenized gold trading volume tops $1 million as RWA growth accelerates
Real World Asset
Project Eleven unveils quantum-resistant Bitcoin wallet proof, boosts speed 16x
Bitcoin (BTC)
Ethereum falls 3.6% as major whale accumulates $165 million in 3 days
Ethereum (ETH)
//

COINTURK was launched in March 2014 by a group of technology enthusiasts who believe that Bitcoin will be as important as the internet in the world of the future thanks to the amazing technology underlying it.

CRYPTOCURRENCY LIVE PRICES

  • Bitcoin (BTC) Live Price
  • Ethereum (ETH) Live Price
  • Ripple (XRP) Live Price
  • Solana (SOL) Live Price
  • Dogecoin (DOGE) Live Price
  • Cardano (ADA) Live Price
  • Chainlink (LINK) Live Price

OUR PARTNERS

  • COINMARKETCAP
  • COINGECKO
  • BITCOINHABER
  • BH NEWS
  • 21MILYON
  • NEWSLINKER

OUR COMPANY

  • About Us
  • Cookie Policy
  • Advertising
  • Contact
COINTURK NEWSCOINTURK NEWS
Follow US
COINTURK NEWS 2026
Powered by LK SOFTWARE
Welcome Back!

Sign in to your account

Lost your password?