Kaspersky has uncovered a new malware framework targeting cryptocurrency investors. Dubbed “OkoBot,” the malware initiates an infection chain that starts with social engineering tactics such as ClickFix, which tricks users into running malicious commands, or trojanized GitHub apps that deliver a backdoor to infected devices, the cybersecurity company wrote in a Wednesday report. The malware can harvest crypto wallet files, browser data and user credentials, inject malicious extensions and capture wallet application windows to steal assets. Kaspersky said it identified multiple attacks involving this malware family since January 2026. Kaspersky added that the malware framework evolved from “TookPS,” a malware campaign first identified in 2025 that distributed a Trojan downloader through fake software websites, and that it opens the door to copycat attacks. It differs from prior campaigns by orchestrating all 20 malicious payloads via an SSH tunnel, which enables the remote transport of data from infected computers to remote machines controlled by attackers. Original OkoBot infection chain. Source: Kaspersky Fake LinkedIn recruitment campaigns target Web3 developers with malware Separately, a new malware campaign is seeking to infiltrate the devices of Web3 developers via fake LinkedIn recruitment opportunities, according to SlowMist. Attackers contact blockchain developers via LinkedIn, posing as Web3 recruiters. They then send fake GitHub repositories to victims, claiming they contained the minimum viable product that needed to be tried before the interview, the blockchain security company said in a Saturday report. The workflow closely resembles a legitimate technical interview where developers pull code, install dependencies and launch a project, which makes it difficult to notice the attack, according to SlowMist. The malware aims to deliver a complete “remote access trojan” that infects devices, enabling attackers to steal project keys, cloud credentials, or wallet extension data from these developers. “This attack is not an isolated case,” wrote SlowMist, adding that recent incidents illustrate that “attackers are increasingly leveraging scenarios such as recruitment, code reviews and project collaborations to trick developers into actively running malicious repositories.” The report came a day after SlowMist warned of a separate malware campaign targeting macOS users, aiming to steal their credentials and hijack their Telegram sessions to ultimately trick investors into entering their wallet recovery phrases through fake websites. Magazine: Does Botanix’s failure prove Bitcoiners don’t care about DeFi?
French gambling regulator orders ISPs to block Polymarket
France’s Autorité nationale des jeux (ANJ), or the National Gambling Authority, has ordered internet service providers to block access to Polymarket. Prediction websites are considered illegal gambling, the ANJ said in a Friday press release. The regulator said that Polymarket’s operations are not authorized in France and that advertising unauthorized gambling sites constitutes a criminal offense with fines of up to 100,000 euros ($114,000). Prediction markets allow users to buy and sell contracts tied to the outcomes of future events, from elections and sporting events to economic data and geopolitical developments. Polymarket has surged in popularity over the past two years, with billions of dollars in trading volume, while drawing scrutiny from regulators over whether its event contracts constitute illegal gambling or unlicensed financial products. Countries that blocked access to Polymarket include Singapore, Poland, Portugal, Hungary, Ukraine, Brazil and Indonesia. At press time, Polymarket said it was geoblocked in 36 regions. France’s gambling regulator first shared plans to block the platform in November 2024 for failing to comply with national gambling laws. French gambling authority cites outcome manipulation concerns France’s gambling authority said Polymarket boasts “addictive features” that are similar to regulated gambling offerings, but “amplified by the absence of the protective mechanisms found in the legal gambling market.” It also cited potential outcome manipulation tied to some event contracts on Polymarket, adding: “Some of the bets offered on this platform appeared to be rigged: for example, bets on the weather revealed that weather sensors may have been hacked.” The cybercrime unit of the Paris Public Prosecutor’s Office launched an investigation into this matter in May 2026 and found a lack of identity verification, such as Know Your Customer checks. Prediction markets have also drawn scrutiny from US regulators. On June 17, Kentucky sued five prediction market platforms, including Kalshi and Polymarket, accusing them of operating unlicensed sports betting platforms. At least 17 other states have followed suit. The Commodity Futures Trading Commission sued eight states, arguing they had interfered with the federal regulator’s exclusive authority over federally regulated event contracts. Magazine: Dubai tops Asian crypto hubs, Taiwan passes crypto laws: Asia Express
米国連邦議会でデジタル資産を違法行為と結びつける発言が目立つ上院議員エリザベス・ウォーレンは、ドナルド・トランプ大統領に対し、暗号資産への投資に関する追加情報を、期限までに開示するよう求めた。 木曜付の書簡でウォーレンは、トランプに対し、1月1日から7月15日までの期間における暗号資産に関連した収益についての財務開示報告書を、任意で開示するよう要請した。要請の背景には、トランプの2025年の財務開示で、同年に暗号資産関連の事業で14億ドルを稼いだことが示されていたことがある。内訳には、彼のメメコイン「Official Trump(TRUMP)」や、彼の家族の会社である「World Liberty Financial」を通じた収益も含まれる。