🚨 North Korea Targets Crypto Job Hunters With New “PylangGhost” Malware
🧠 A North Korean-linked hacking group, Famous Chollima (aka Wagemole), has launched a dangerous new Python-based malware named PylangGhost, specifically targeting crypto professionals and job seekers, especially in India.
How It Works:
Poses as recruiters from legit companies like Coinbase, Robinhood, Uniswap
Sends fake job offers and directs users to phony interview platforms
Tricks victims into installing fake “video drivers” that actually execute malware
🧨 What PylangGhost Can Do:
Steals passwords, cookies, wallet credentials from 80+ browser extensions (MetaMask, Phantom, 1Password, TronLink, etc.)
Records screenshots, manages files, and maintains remote access for long-term spying
Gives hackers full control of infected systems
Cisco Talos confirms the malware is not AI-generated and closely resembles a prior RAT called GolangGhost.
⚠️ This isn’t the first time North Korean groups have used fake job scams; similar tricks were used in the massive $1.4B Bybit hack earlier this year.
🛡️ Stay Safe: Avoid downloading files or enabling system access during online job interviews. Always verify recruiter identities and domain links.
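
An added example, not part of the original post or of any Cisco Talos tooling: one way to automate the "verify domain links" advice for the three brands the post names. The official domains in `OFFICIAL`, the function names and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains of the three brands named in the post.
OFFICIAL = {"coinbase": "coinbase.com", "robinhood": "robinhood.com",
            "uniswap": "uniswap.org"}
# Fold common digit-for-letter swaps (0->o, 1->l, 3->e, 4->a, 5->s).
DEHOMOGLYPH = str.maketrans("01345", "oleas")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'official', 'impersonation', 'lookalike' or 'unrelated'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the netloc
    # .hostname drops any userinfo, so "coinbase.com@host" yields "host".
    host = (urlsplit(url).hostname or "").rstrip(".")
    for domain in OFFICIAL.values():
        if host == domain or host.endswith("." + domain):
            return "official"
    # Compare each dot- or hyphen-separated token against the brand names.
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    verdict = "unrelated"
    for tok in tokens:
        folded = tok.translate(DEHOMOGLYPH)
        for brand in OFFICIAL:
            if brand in tok:
                return "impersonation"  # real brand name, wrong domain
            if brand in folded or edit_distance(folded, brand) <= 1:
                verdict = "lookalike"   # near-miss spelling of a brand
    return verdict


# Constructed sample links (reserved .example names, not real indicators).
SAMPLES = ["https://www.coinbase.com/careers",
           "https://coinbase-interview.example/setup",
           "https://careers.r0binhood.example/"]
if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):14} {link}")
```

A verdict of `unrelated` only means none of the three brand names appears in the host; it says nothing about whether the site itself is trustworthy.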