HackerFeeds

CyberSecurity News

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

The Hacker News
· July 15, 2026

AI summary

A malware framework known as OkoBot has been active on Windows machines and includes a module designed to deceive owners of hardware wallets into revealing their recovery phrase. This module operates by displaying a phishing request from within the legitimate desktop software of the wallet, which can occur either immediately or after the hardware device is connected to the infected computer. The phishing page itself is malicious, while the surrounding application appears to be the genuine software that the user installed. The OkoBot malware has been running on Windows machines since at least April 2025. The affected hardware wallets include those from Ledger and Trezor. The malware's ability to pose as a legitimate request from the wallet's own software makes it a potentially convincing ph

Read the full article at The Hacker Newsthehackernews.com/2026/07/okobot-malware-framework-injects-seed.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.