[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:okobot-malware-framework-injects-seed-phrase-phishing-into-ledger-and-trezor-app-mrof0k0n":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":18,"article_ids":19,"ioc_summary":21,"source_urls":22,"status":24,"expires_at":25,"created_at":26,"updated_at":27,"articles":28},"68956943-92b0-4625-87ff-c84c7ab00b28","OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps","okobot-malware-framework-injects-seed-phrase-phishing-into-ledger-and-trezor-app-mrof0k0n","OkoBot malware framework is actively injecting fake seed phrase prompts into Ledger and Trezor desktop applications to steal hardware wallet recovery phrases. Victims are being compromised through trojanized software on GitHub and other vectors. Successful exploitation results in complete loss of cryptocurrency holdings.","critical","advisory",[],[13,14,15,16,17],"Ledger Live","Ledger Wallet","Trezor Suite","Audacity","SQL Server Management Studio","Hunt for OkoBot indicators across endpoints: monitor for unsigned or suspicious Ledger\u002FTrezor app child processes, SSH tunnel connections from user workstations, and GitHub-sourced downloads. Block known OkoBot C2 infrastructure and scan systems with cryptocurrency wallet software installed for malware artifacts.",[20],"5e1b8e9f-d594-453c-bdb8-ec51cd3b1486",null,[23],"https:\u002F\u002Fthehackernews.com\u002F2026\u002F07\u002Fokobot-malware-framework-injects-seed.html","active","2026-07-19T04:05:36.102+00:00","2026-07-17T04:05:41.655875+00:00","2026-07-17T04:08:23.696641+00:00",[29],{"id":20,"title":6,"url":23}]