$XRP $BNB $SOL North Korean hackers from the Famous Chollima (Wagemole) group are conducting phishing attacks on cryptocurrency and blockchain specialists, including in India, through fake job sites and interviews. Victims are invited to take skill tests, after which they are tricked into executing malicious commands under the guise of updating video drivers, leading to the installation of the RAT Trojan PylangGhost.

PylangGhost provides remote control over the system. The program steals cookies and credentials from more than 80 browser extensions, including MetaMask, TronLink, Phantom wallets, as well as password managers 1Password and Bitski. The virus is capable of taking screenshots, gathering system information, and intercepting files.