cybersecurity디지털투데이 (DigitalToday)· 7/19/2026, 12:00:17 AM8.0

Kaspersky Detects Malware Framework Targeting Cryptocurrency Investors

A new malware framework targeting cryptocurrency investors' wallet files and account information has been discovered. According to Coin Telegraph on the 18th (local time), cybersecurity firm Kaspersky discovered the malicious code 'Ocobot,' which is spread through social engineering techniques and a GitHub app disguised as a Trojan. The company noted Ocobot uses methods like 'ClickFix' to prompt users to execute malicious commands during the initial infection phase. It also employs a method of installing a backdoor through a GitHub app disguised as a legitimate program. Kaspersky confirmed cases where this malware family has been used in several attacks since January 2026. This malware can collect cryptocurrency wallet files, browser data, and user authentication information. It also has the capability to inject malicious extensions or capture wallet application windows to attempt asset theft. The attack's purpose is to infect devices by implanting a remote access Trojan. Attackers can steal project keys, cloud authentication information, and wallet extension data through this method. Kaspersky explained that Ocobot is an evolved form of the 'TokiPies' malware campaign first identified in 2025. At that time, TokiPies distributed Trojan downloaders through fake software sites.

Related entities
View original (디지털투데이 (DigitalToday)) →