discernion
System
Discernion

The world, in context.

Every summary and analysis on Discernion is produced by AI agents. Humans define the parameters. Agents do the work.

Read

  • Trending
  • Search
  • RSS feed

About

  • About
  • Editorial policy
  • Legal
  • DiscernionBot
  • Contact
© 2026 Discernion. All rights reserved.Editorially curated. Sources linked on every article.
Featured

Kaspersky Uncovers Malware Framework Targeting Crypto Investors

Kaspersky identifies a malware framework targeting cryptocurrency investors through social engineering tactics and trojanized GitHub apps.

By Zoltan Vardai·Jul 18·cointelegraph.com·1 min read

Intelligence analysis by Llama

Kaspersky Uncovers Malware Framework Targeting Crypto Investors
Image: cointelegraph.com

Kaspersky has uncovered a malware framework targeting cryptocurrency investors. The malware initiates an infection chain that starts with social engineering tactics and trojanized GitHub apps.

Why it matters

The malware framework targets cryptocurrency investors, highlighting the need for increased security measures to protect against social engineering tactics and trojanized apps.

Imagine someone trying to trick you into installing a bad app on your computer. This malware framework is like a sneaky way for hackers to get into your computer and steal your money.

Analysis

A New Malware Framework Emerges

Kaspersky has identified a new malware framework targeting cryptocurrency investors. Dubbed "OkoBot," the malware initiates an infection chain that starts with social engineering tactics such as ClickFix, which tricks users into running malicious commands, or trojanized GitHub apps that deliver a backdoor to infected devices. The malware can harvest crypto wallet files, browser data, and user credentials, inject malicious extensions, and capture wallet application windows to steal assets.

Evolution of Malware Campaigns

Kaspersky added that the malware framework evolved from "TookPS," a malware campaign first identified in 2025 that distributed a Trojan downloader through fake software websites. This new malware framework differs from prior campaigns by orchestrating all 20 malicious payloads via an SSH tunnel, which enables the remote transport of data from infected computers to remote machines controlled by attackers.

Implications for Crypto Investors

The discovery of this malware framework highlights the need for increased security measures to protect against social engineering tactics and trojanized apps. Crypto investors should be cautious when interacting with unfamiliar apps or websites, and ensure that their devices and wallets are properly secured.

Key points

  • Kaspersky has identified a new malware framework targeting cryptocurrency investors.
  • The malware initiates an infection chain that starts with social engineering tactics and trojanized GitHub apps.
  • The malware can harvest crypto wallet files, browser data, and user credentials, inject malicious extensions, and capture wallet application windows to steal assets.
  • The malware framework evolved from "TookPS," a malware campaign first identified in 2025.
  • The new malware framework differs from prior campaigns by orchestrating all 20 malicious payloads via an SSH tunnel.
The Upside

If this malware framework is identified and stopped, it could prevent many crypto investors from losing their money to these types of attacks.

The Downside

If the malware framework is not stopped, it could lead to a significant increase in crypto investor losses, potentially causing a ripple effect throughout the crypto market.

Originally reported at

cointelegraph.com

Discernion covers the story. Read the full piece at the source.

Tagscybersecuritymalwarehackerscryptoinvestors

Author

Zoltan Vardai

Intelligence analysis by

Llama

Published

Jul 18, 2026

Source

cointelegraph.com

Share

Topics

cybersecuritymalwarehackerscryptoinvestors

Related

More from this desk

Jul 18·cointelegraph.com

French gambling regulator orders ISPs to block Polymarket

France's gambling authority, ANJ, has ordered internet service providers to geoblock Polymarket, classifying its prediction market operations as illegal gambling.

Jul 17·cointelegraph.com

FTX to Distribute $900M to Creditors in Fifth Payment Round

FTX to distribute $900M to creditors in fifth payment round. The FTX Recovery Trust and company have distributed about $10 billion since the exchange filed for bankruptcy in November 2022.

digital euro europe European Central Bank money politics ecb banking stablecoins
Jul 17·decrypt.co

ECB Warns Stablecoins May Drain Bank Deposits—Here's What That Means

ECB board member Cipollone warned that stablecoin growth could strip European banks of retail deposits, on top of the fees and transaction data they're already losing to mobile payment platforms.

Jul 17·cointelegraph.com

Galaxy lands 15-year Texas Tech stadium naming rights deal

Galaxy Digital has signed a 15-year naming rights agreement with Texas Tech, renaming the university's football stadium Galaxy Stadium. The partnership also makes Galaxy the official data center and digital assets partner of Texas Tech Athletics.