Kaspersky Uncovers Malware Framework Targeting Crypto Investors
Cybersecurity firm Kaspersky warned of a new malware framework targeting cryptocurrency investors through ClickFix attacks and trojanized GitHub apps.
YayaNews contributes financial news and market context through the YayaNews editorial workflow.

Cybersecurity firm Kaspersky warned of a new malware framework targeting cryptocurrency investors through ClickFix attacks and trojanized GitHub apps.
Kaspersky Uncovers Malware Framework Targeting Crypto Investors
DOGE
$0.07233
0.61%
TRX
$0.3236
0.27%
LINK
$8.30
1.47%
ZEC
$545.83
2.34%
ADA
$0.1659
3.41%
XRP
$1.08
0.69%
ETH
$1,846.86
0.63%
BTC
$64,115.85
1.42%
XMR
$331.42
2.40%
BNB
$570.10
1.04%
XLM
$0.1854
1.00%
SOL
$75.01
0.52%
HYPE
$59.10
1.26%
Written by
Zoltan Vardai
staff writer
Reviewed by
Yohan Yun
staff editor
Written by
Zoltan Vardai
staff writer
Reviewed by
Yohan Yun
staff editor
Kaspersky identifies malware framework targeting crypto investors
Latest News
Published
Jul 18, 2026
Cybersecurity company Kaspersky said a newly identified malware framework is targeting cryptocurrency investors through social engineering tactics and trojanized GitHub apps.
Kaspersky has uncovered a new malware framework targeting cryptocurrency investors.
Dubbed “OkoBot,” the malware initiates an infection chain that starts with social engineering tactics such as ClickFix, which tricks users into running malicious commands, or trojanized GitHub apps that deliver a backdoor to infected devices, the cybersecurity company wrote in a Wednesday
report
.
The malware can harvest crypto wallet files, browser data and user credentials, inject malicious extensions and capture wallet application windows to steal assets. Kaspersky said it identified multiple attacks involving this malware family since January 2026.
Kaspersky added that the malware framework evolved from “TookPS,” a malware campaign first identified in 2025 that distributed a Trojan downloader through fake software websites, and that it opens the door to copycat attacks.
It differs from prior campaigns by orchestrating all 20 malicious payloads via an SSH tunnel, which enables the remote transport of data from infected computers to remote machines controlled by attackers.
Original OkoBot infection chain. Source: Kaspersky
Fake LinkedIn recruitment campaigns target Web3 developers with malware
Separately, a new malware campaign is seeking to infiltrate the devices of Web3 developers via fake LinkedIn recruitment opportunities, according to SlowMist.
Attackers contact blockchain developers via LinkedIn, posing as Web3 recruiters. They then send fake GitHub repositories to victims, claiming they contained the minimum viable product that needed to be tried before the interview, the blockchain security company said in a Saturday
report
.
The workflow closely resembles a legitimate technical interview where developers pull code, install dependencies and launch a project, which makes it difficult to notice the attack, according to SlowMist.
Related:
UK sentences 2 hackers tied to $115M crypto ransom scheme
The malware aims to deliver a complete “remote access trojan” that infects devices, enabling attackers to steal project keys, cloud credentials, or wallet extension data from these developers.
“This attack is not an isolated case,” wrote SlowMist, adding that recent incidents illustrate that “attackers are increasingly leveraging scenarios such as recruitment, code reviews and project collaborations to trick developers into actively running malicious repositories.”
The report came a day after SlowMist warned of a separate
malware campaign targeting
macOS users, aiming to steal their credentials and hijack their Telegram sessions to ultimately trick investors into entering their wallet recovery phrases through fake websites.
Magazine:
Does Botanix’s failure prove Bitcoiners don’t care about DeFi?
Subscribe to daily byte-sized crypto news from Cointelegraph
Subscribe
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s
Editorial Policy
and aims to provide accurate and timely information. Readers are encouraged to verify information independently.
Cybersecurity
Malware
Hackers
Hacks
Developers
Social Engineering
Scams & Cybercrime
More on the subject
UK sentences 2 hackers tied to $115M crypto ransom scheme
Jul 17, 2026
Zoltan Vardai
MacOS malware hijacks Telegram sessions, targets crypto wallets: SlowMist
Jul 17, 2026
Zoltan Vardai
US Senate unanimously adopts resolution opposing clemency for SBF
Jul 16, 2026
Helen Partz
UK sentences 2 hackers tied to $115M crypto ransom scheme
Jul 17, 2026
Zoltan Vardai
MacOS malware hijacks Telegram sessions, targets crypto wallets: SlowMist
Jul 17, 2026
Zoltan Vardai
US Senate unanimously adopts resolution opposing clemency for SBF
Jul 16, 2026
Helen Partz
Original YayaNews editorial coverage, published for informational purposes.
This article is sourced from CoinTelegraph. It is for informational purposes only and does not constitute investment advice.
Topics & Symbols
Continue Reading
Related Reading
Ethereum ETF Approval Expectations Heat Up: Can ETH Lead the Next Crypto Rally?
Analyzing the SEC's progress on spot Ethereum ETF approvals, this article explores ETH's short-term price outlook and its potential impact on the broader crypto market, driven by shifting market sentiment and capital flows.

Ethereum ETF Hype Builds: Analysts Predict ETH Could Break $4,000
As the SEC accelerates its review of spot Ethereum ETFs, market optimism surges. Analysts suggest institutional inflows could push ETH past $4,000 if approved, though regulatory risks remain.

French Gambling Authority Blocks Polymarket Access
Polymarket was geoblocked in France by the country’s gambling authority, which cited illegal gambling and outcome manipulation concerns on the prediction market.

Ethereum ETFs See Consecutive Inflows: Is an Altcoin Season on the Horizon?
Ethereum ETFs have recently experienced sustained net inflows, signaling a shift in institutional sentiment. This analysis explores the potential impact on ETH, DeFi, and NFT ecosystem tokens, and assesses the likelihood of an altcoin recovery amid improving market sentiment.
