Svmuu News: Cybersecurity firm Kaspersky has revealed that a new malware framework called OkoBot is targeting cryptocurrency investors through social engineering tactics and a GitHub application infected with a Trojan. The malware can steal cryptocurrency wallet files, browser data, and user credentials, as well as inject malicious extensions and hijack wallet app windows to steal assets.
Kaspersky stated that multiple attacks involving this malware family have been detected since January 2026. The framework evolved from TookPS, which was first identified in 2025 and previously distributed Trojan downloaders via fake software websites.
Cybersecurity firm SlowMist separately disclosed that a new wave of malicious activity is infiltrating Web3 developers’ devices through fake LinkedIn job postings. Attackers impersonate Web3 recruiters to send fake GitHub repositories, tricking developers into pulling code, installing dependencies, and running projects—ultimately stealing project keys, cloud credentials, or wallet extension data.