New OkoBot Malware Steals Crypto Seeds from Trezor and Ledger Wallets
New Steals Crypto Seeds from Trezor and Ledger Wallets
Cryptocurrency users face a growing danger from a new malware framework called OkoBot. This threat uses advanced tools to steal seed phrases and monitor browsers. It has already hit hundreds of people in more than 25 countries. The highest numbers of victims are in Brazil, Vietnam, Canada, Mexico, and Türkiye.
What Is the ?
OkoBot is a complex set of more than 20 malicious tools. It can grab local files, run remote commands, steal wallet data, record video from app windows, and more. One key part is
The framework also includes SeedHunter. This component checks running processes on the computer. It then injects code into apps like Trezor Suite, Ledger Wallet, and Ledger Live. When it spots a connected hardware wallet, it shows a fake phishing page to trick users into giving up their seed phrase.
How Does the Attack Start?
Attackers spread OkoBot in two main ways. First, they use ClickFix tricks. They fool people into running bad code through social engineering. Second, they upload fake software on GitHub. One example was a fake installer for SQL Server Management Studio that looked real but carried the malware.
The campaign has run for over a year and was still active in July 2026. It mainly targets developers and crypto users. The malware keeps getting updates, which shows the creators are still working on it.
Why Crypto Users Are at Risk
Many parts of OkoBot focus on stealing from cryptocurrency holders. It watches Chromium-based browsers and can load bad extensions. It also drops other stealers like Rilide. Once inside, it can empty wallets or grab recovery phrases that give full control over funds.
Because the threat is active and growing, more users could lose money if they do not stay careful. The code has Russian text hints, but experts have not linked it to any known group yet.
How to Protect Yourself
Follow these simple steps to lower your risk:
- Never run unknown code from untrusted sources or guides.
- Install strong security software on every device.
- Store seed phrases and passwords only in a trusted manager, never in photos or notes.
- Keep all apps and your operating system updated.
- Use unique passwords and turn on multi-factor authentication.
- Do not turn off security tools to install anything.
By staying alert and using good habits, crypto users can avoid falling victim to this type of attack. The threat shows why hardware wallet users must double-check every screen before entering sensitive data.