
A new malicious framework called OkoBot is delivering more than 20 payloads in attacks focused on stealing cryptocurrency wallet seed phrases, credentials, and other sensitive data.
OkoBot reaches victims through ClickFix attacks or malicious GitHub repositories pretending to host legitimate software tools.
In one case, a repository claimed to offer SQL Server Management Studio (SSMS) but dropped a trojanized version of the Audacity audio editing tool.
Researchers at cybersecurity company Kaspersky say that the OkoBot campaign has been ongoing for more than a year and evolved from the activity that delivered the malicious PowerShell script TookPS.
However, the infection chain has been completely changed, with…








