negativeSYS.SOURCE: The Hacker News• 2026-07-15T21:00:30+05:30
OkoBot Malware Exploits Hardware Wallets to Steal Seed Phrases via Desktop Injection
OkoBot malware injects seed phrase phishing into Ledger and Trezor desktop apps by compromising hardware wallet software through USB triggers and trojanized downloads. The framework uses multiple payloads including SeedHunter to steal recovery phrases while maintaining legitimate app functionality.
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase.
On an infected PC, the request comes from inside the wallet's own desktop software. Sometimes it waits until you plug the device in first. The page is malicious. The app around it is the real one you installed, and
*** END OF TRANSMISSION ***