OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

Article summary
Quick briefing — cleaned from the original RSS feed
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet's own desktop software. Sometimes it waits until you plug the device in first. The page is malicious. The app around it is the real one you installed, and
1Key Takeaways
- A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase.
- On an infected PC, the request comes from inside the wallet's own desktop software.
- Sometimes it waits until you plug the device in first.
- The app around it is the real one you installed, and.
2AIWedia Score
8.3/10
High relevance — worth your attention today
Based on source trust, recency, category impact, and story depth.
3Why it matters
Security headlines highlight new attack surfaces as AI gets embedded in more systems. The Hacker News reports that a malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase.
Explore related
Browse toolsRelated tools
Cybersecurity news
Explore curated cybersecurity tools on AIWedia — compare, rank, and launch from our directory.
Full story on The Hacker News
Read full articleHeadlines aggregated via RSS for discovery on AIWedia. Original content © The Hacker News. We link to the source and do not republish full articles.
