New OkoBot framework deploys 20 payloads to steal data, crypto

New OkoBot framework deploys 20 payloads to steal data, crypto
OkoBot is a malicious framework that uses ClickFix attacks and fake GitHub software repositories to deliver more than 20 payloads aimed at stealing cryptocurrency wallet seed phrases, credentials, and other sensitive data. Kaspersky says the campaign evolved from TookPS, uses multiple stages including an SSH bot, and has heavily targeted users in Brazil while remaining active globally. #OkoBot #TookPS #Kaspersky #SeedHunter #Rilide

Keypoints

  • OkoBot delivers more than 20 payloads for data theft.
  • It spreads through ClickFix attacks and fake GitHub repositories.
  • The campaign evolved from the earlier TookPS activity.
  • SeedHunter steals cryptocurrency wallet recovery phrases.
  • OkoBot also collects credentials, cookies, and system details.

Read More: https://www.bleepingcomputer.com/news/security/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/