📇 North Korean hackers are compromising devices of cryptocurrency specialists by using fake interviews and malicious software PylangGhost — a Python trojan for remote access.
According to Cisco Talos researchers, the attack is linked to a group called Famous Chollima (also known as Wagemole), which poses as recruiters from well-known companies, including Coinbase, Robinhood, and Uniswap. The primary target is cryptocurrency specialists from India who are looking for jobs.
The discovered trojan is capable of stealing credentials and cookies from over 80 browser extensions, including password managers and cryptocurrency wallets.
