North Korea Targets Crypto Professionals With New Malware in Hiring Scams
North Korean hackers are targeting crypto professionals through fake job interviews to steal data and deploy malware. A new remote access trojan, "PylangGhost," linked to the hacking group "Famous Chollima," is designed to compromise systems. The campaign primarily targets individuals in India, using fraudulent job sites that mimic legitimate companies like Coinbase and Robinhood. Victims are directed to skill-testing websites where they provide personal information and execute malicious commands disguised as video driver installations. The PylangGhost malware can steal credentials from over 80 browser extensions, including popular crypto wallets. This operation is part of North Korea's broader crypto-focused cybercrime strategy, which includes previous campaigns targeting developers on platforms like GitHub and Upwork. The attackers maintain numerous fake job sites and have previously established fake U.S. companies to distribute malware. A joint statement from Japan, South Korea, and the U.S. reported that North Korean-backed groups stole at least $659 million through cryptocurrency heists in 2024.
