Close Menu
FSNN | Free Speech News NetworkFSNN | Free Speech News Network
  • Home
  • News
    • Politics
    • Legal & Courts
    • Tech & Big Tech
    • Campus & Education
    • Media & Culture
    • Global Free Speech
  • Opinions
    • Debates
  • Video/Live
  • Community
  • Freedom Index
  • About
    • Mission
    • Contact
    • Support
Trending

The Hidden Problem With Democrats’ $25 Minimum Wage Bill

1 hour ago

Kaspersky Uncovers Malware Framework Targeting Crypto Investors

1 hour ago

Today in Supreme Court History: July 18, 1942

2 hours ago
Facebook X (Twitter) Instagram
Facebook X (Twitter) Discord Telegram
FSNN | Free Speech News NetworkFSNN | Free Speech News Network
Market Data Newsletter
Saturday, July 18
  • Home
  • News
    • Politics
    • Legal & Courts
    • Tech & Big Tech
    • Campus & Education
    • Media & Culture
    • Global Free Speech
  • Opinions
    • Debates
  • Video/Live
  • Community
  • Freedom Index
  • About
    • Mission
    • Contact
    • Support
FSNN | Free Speech News NetworkFSNN | Free Speech News Network
Home»Cryptocurrency & Free Speech Finance»Kaspersky Uncovers Malware Framework Targeting Crypto Investors
Cryptocurrency & Free Speech Finance

Kaspersky Uncovers Malware Framework Targeting Crypto Investors

News RoomBy News Room1 hour agoNo Comments2 Mins Read745 Views
Share Facebook Twitter Pinterest Copy Link LinkedIn Tumblr Email VKontakte Telegram
Kaspersky Uncovers Malware Framework Targeting Crypto Investors
Share
Facebook Twitter Pinterest Email Copy Link

Listen to the article

0:00
0:00

Key Takeaways

Playback Speed

Select a Voice

Kaspersky has uncovered a new malware framework targeting cryptocurrency investors.

Dubbed “OkoBot,” the malware initiates an infection chain that starts with social engineering tactics such as ClickFix, which tricks users into running malicious commands, or trojanized GitHub apps that deliver a backdoor to infected devices, the cybersecurity company wrote in a Wednesday report.

The malware can harvest crypto wallet files, browser data and user credentials, inject malicious extensions and capture wallet application windows to steal assets. Kaspersky said it identified multiple attacks involving this malware family since January 2026.

Kaspersky added that the malware framework evolved from “TookPS,” a malware campaign first identified in 2025 that distributed a Trojan downloader through fake software websites, and that it opens the door to copycat attacks.

It differs from prior campaigns by orchestrating all 20 malicious payloads via an SSH tunnel, which enables the remote transport of data from infected computers to remote machines controlled by attackers.

Original OkoBot infection chain. Source: Kaspersky

Fake LinkedIn recruitment campaigns target Web3 developers with malware

Separately, a new malware campaign is seeking to infiltrate the devices of Web3 developers via fake LinkedIn recruitment opportunities, according to SlowMist.

Attackers contact blockchain developers via LinkedIn, posing as Web3 recruiters. They then send fake GitHub repositories to victims, claiming they contained the minimum viable product that needed to be tried before the interview, the blockchain security company said in a Saturday report.

The workflow closely resembles a legitimate technical interview where developers pull code, install dependencies and launch a project, which makes it difficult to notice the attack, according to SlowMist.

Related: UK sentences 2 hackers tied to $115M crypto ransom scheme

The malware aims to deliver a complete “remote access trojan” that infects devices, enabling attackers to steal project keys, cloud credentials, or wallet extension data from these developers.

“This attack is not an isolated case,” wrote SlowMist, adding that recent incidents illustrate that “attackers are increasingly leveraging scenarios such as recruitment, code reviews and project collaborations to trick developers into actively running malicious repositories.”

The report came a day after SlowMist warned of a separate malware campaign targeting macOS users, aiming to steal their credentials and hijack their Telegram sessions to ultimately trick investors into entering their wallet recovery phrases through fake websites.

Magazine: Does Botanix’s failure prove Bitcoiners don’t care about DeFi?

Read the full article here

Fact Checker

Verify the accuracy of this article using AI-powered analysis and real-time sources.

Get Your Fact Check Report

Enter your email to receive detailed fact-checking analysis

5 free reports remaining

Continue with Full Access

You've used your 5 free reports. Sign up for unlimited access!

Already have an account? Sign in here

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Telegram Copy Link
News Room
  • Website
  • Facebook
  • X (Twitter)
  • Instagram
  • LinkedIn

The FSNN News Room is the voice of our in-house journalists, editors, and researchers. We deliver timely, unbiased reporting at the crossroads of finance, cryptocurrency, and global politics, providing clear, fact-driven analysis free from agendas.

Related Articles

Cryptocurrency & Free Speech Finance

French Gambling Authority Blocks Polymarket Access

3 hours ago
Cryptocurrency & Free Speech Finance

MacOS Malware Uses Telegram Session Hijacking to Target Crypto Wallets

12 hours ago
Cryptocurrency & Free Speech Finance

Bitcoin Has Already Spent 42 Days Building Its Bottom, This Metric Says

13 hours ago
Cryptocurrency & Free Speech Finance

Stablecoin growth will erode bank deposits, says ECB’s Cipollone

14 hours ago
Cryptocurrency & Free Speech Finance

Bolivia Eyes USDT as Miners’ AI Pivot Faces New Scrutiny

15 hours ago
Cryptocurrency & Free Speech Finance

FTX to Distribute $900M to Creditors in Fifth Payment Round

16 hours ago
Add A Comment
Leave A Reply Cancel Reply

Editors Picks

Kaspersky Uncovers Malware Framework Targeting Crypto Investors

1 hour ago

Today in Supreme Court History: July 18, 1942

2 hours ago

Labor Unions Hate Robots—and It’s Stopping Democrats From Delivering on Affordability

3 hours ago

French Gambling Authority Blocks Polymarket Access

3 hours ago
Latest Posts

Justice Kagan Says Don’t Call It the “Shadow Docket”

4 hours ago

Election Vulnerability

5 hours ago

Are the Epstein Files a Moral Panic?

6 hours ago

Subscribe to News

Get the latest news and updates directly to your inbox.

At FSNN – Free Speech News Network, we deliver unfiltered reporting and in-depth analysis on the stories that matter most. From breaking headlines to global perspectives, our mission is to keep you informed, empowered, and connected.

FSNN.net is owned and operated by GlobalBoost Media
, an independent media organization dedicated to advancing transparency, free expression, and factual journalism across the digital landscape.

Facebook X (Twitter) Discord Telegram
Latest News

The Hidden Problem With Democrats’ $25 Minimum Wage Bill

1 hour ago

Kaspersky Uncovers Malware Framework Targeting Crypto Investors

1 hour ago

Today in Supreme Court History: July 18, 1942

2 hours ago

Subscribe to Updates

Get the latest news and updates directly to your inbox.

© 2026 GlobalBoost Media. All Rights Reserved.
  • Privacy Policy
  • Terms of Service
  • Our Authors
  • Contact

Type above and press Enter to search. Press Esc to cancel.

🍪

Cookies

We and our selected partners wish to use cookies to collect information about you for functional purposes and statistical marketing. You may not give us your consent for certain purposes by selecting an option and you can withdraw your consent at any time via the cookie icon.

Cookie Preferences

Manage Cookies

Cookies are small text that can be used by websites to make the user experience more efficient. The law states that we may store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission. This site uses various types of cookies. Some cookies are placed by third party services that appear on our pages.

Your permission applies to the following domains:

  • https://fsnn.net
Necessary
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Statistic
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Preferences
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Marketing
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.