Key Points:
North Korean group targets blockchain professionals using PylangGhost malware.
Mimics sites like Coinbase, Robinhood for phishing attacks.
High risk to assets managed via MetaMask, TronLink plugins.
The cybercriminal group Famous Chollima, linked with North Korea, launched phishing attacks on June 20, 2025, against crypto practitioners in India using PylangGhost malware.
These attacks mimic recruitment sites of major crypto companies, aiming to steal credentials from over 80 browser extensions, posing risks to ETH, TRX, and other assets.
North Korean Group Escalates Cyber Attacks on Crypto Workers
Famous Chollima has targeted blockchain professionals with a new phishing campaign, deploying the PylangGhost plague via deceptive job recruitment websites spoofing major crypto firms like Coinbase and Robinhood. This effort follows their historical pattern of social engineering directed toward crypto workers.
This malware, masquerading under the guise of video interviews, compromises users' credentials from plugins, notably MetaMask and TronLink. The aim is to exfiltrate wallet credentials and password manager data, significantly increasing the cybersecurity risk for potential victims.
"In recent campaigns, the threat actor Famous Chollima — potentially made up of multiple groups — has been using a Python-based version of their trojan to target Windows systems, while continuing to deploy a Golang-based version for MacOS users…" — Vanja Svajcer, Security Researcher, Cisco Talos
Industry experts have observed no official comments from the accused companies, suggesting that these actions are external to their official networks. Security researcher Vanja Svajcer noted the persistent capability of this malware, echoing similar tools employed previously.
ETH Price Swings Amid Fresh Phishing Threats
Did you know? The North Korean cyber group's tactic of using fake job offers is reminiscent of a 2025 incident that led to $137 million being stolen from TRON users, highlighting the persistent threat to crypto workers.
According to CoinMarketCap, Ethereum (ETH) currently trades at $2,479.89 with a market cap of $299.37 billion. Over the past 90 days, ETH witnessed a 24.64% increase, contrasting a 3.15% drop over the past 30 days. Trading volume within 24 hours has reached $15.44 billion, marking a 6.27% change.
Ethereum(ETH), daily chart, screenshot on CoinMarketCap at 17:15 UTC on June 20, 2025. Source: CoinMarketCap
Coincu's research team predicts further phishing attempts in the crypto sphere, noting that similar earlier campaigns undermined blockchain security infrastructures significantly. Continued vigilance from crypto professionals and timely updates are deemed essential to safeguard digital assets.
