OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

Read full story on The Hacker News
Share
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps
AI disclosure

Summary

A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet's own desktop software. Sometimes it waits until you plug the device in first. The page is malicious. The app around it is the real one you installed, and

Original reporting

Open original source

Related coverage

Read full article on The Hacker News

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.