CRITICALAdvisoryJul 17, 2026
Action required
Hunt for OkoBot indicators across endpoints: monitor for unsigned or suspicious Ledger/Trezor app child processes, SSH tunnel connections from user workstations, and GitHub-sourced downloads. Block known OkoBot C2 infrastructure and scan systems with cryptocurrency wallet software installed for malware artifacts.
Affected products
Ledger LiveLedger WalletTrezor SuiteAudacitySQL Server Management Studio