Home/News/OkoBot Malware Targets Ledger, Trezor Users With Seed Phrase Phishing
The Hacker News2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

OkoBot Malware Targets Ledger, Trezor Users With Seed Phrase Phishing

OkoBot Malware Targets Ledger, Trezor Users With Seed Phrase Phishing

The OkoBot malware framework, operational on Windows systems since April 2025, has introduced a sophisticated module specifically designed to target owners of hardware cryptocurrency wallets. This module aims to steal users' recovery seed phrases by presenting them with deceptive interfaces that mimic legitimate wallet applications. When a user interacts with their hardware wallet on an infected computer, OkoBot can intercept and overlay fake prompts that appear to originate from within the trusted wallet software itself.

This phishing technique is particularly insidious because it leverages the user's existing trust in their installed wallet applications. The malware can wait for the user to connect their hardware wallet, such as those manufactured by Ledger or Trezor, before initiating the attack. Once triggered, OkoBot displays a malicious page that looks identical to the genuine interface of the wallet application. Users are then prompted to enter their sensitive 12-word or 24-word recovery phrase, believing they are performing a legitimate security action or update.

Upon receiving the stolen seed phrase, OkoBot transmits this critical information to its command-and-control server. This allows attackers to gain full control over the victim's cryptocurrency assets stored on the compromised hardware wallet. The malware's persistence and its targeted approach highlight a growing threat landscape for cryptocurrency users, emphasizing the need for enhanced vigilance and security practices beyond relying solely on hardware wallets. The framework's ability to inject these phishing attempts directly into the user's workflow makes detection challenging for the average user.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next