OkoBot Malware Uses ClickFix and SeedHunter to Steal Ledger and Trezor Seed Phrases

The OkoBot malware utilizes ClickFix social engineering and the SeedHunter implant to steal cryptocurrency recovery phrases from Ledger and Trezor users. This modular framework establishes persistent remote access via SSH tunnels and fake application prompts to exfiltrate sensitive financial data.

Edward Kiledjian @ekiledjian