MarketAlert – Real-Time Market & Crypto News, Analysis & AlertsMarketAlert – Real-Time Market & Crypto News, Analysis & Alerts
Font ResizerAa
  • Crypto News
    • Altcoins
    • Bitcoin
    • Blockchain
    • DeFi
    • Ethereum
    • NFTs
    • Press Releases
    • Latest News
  • Blockchain Technology
    • Blockchain Developments
    • Blockchain Security
    • Layer 2 Solutions
    • Smart Contracts
  • Interviews
    • Crypto Investor Interviews
    • Developer Interviews
    • Founder Interviews
    • Industry Leader Insights
  • Regulations & Policies
    • Country-Specific Regulations
    • Crypto Taxation
    • Global Regulations
    • Government Policies
  • Learn
    • Crypto for Beginners
    • DeFi Guides
    • NFT Guides
    • Staking Guides
    • Trading Strategies
  • Research & Analysis
    • Blockchain Research
    • Coin Research
    • DeFi Research
    • Market Analysis
    • Regulation Reports
Reading: North Korea Targets Crypto Industry with New Info-Stealing Malware
Share
Font ResizerAa
MarketAlert – Real-Time Market & Crypto News, Analysis & AlertsMarketAlert – Real-Time Market & Crypto News, Analysis & Alerts
Search
  • Crypto News
    • Altcoins
    • Bitcoin
    • Blockchain
    • DeFi
    • Ethereum
    • NFTs
    • Press Releases
    • Latest News
  • Blockchain Technology
    • Blockchain Developments
    • Blockchain Security
    • Layer 2 Solutions
    • Smart Contracts
  • Interviews
    • Crypto Investor Interviews
    • Developer Interviews
    • Founder Interviews
    • Industry Leader Insights
  • Regulations & Policies
    • Country-Specific Regulations
    • Crypto Taxation
    • Global Regulations
    • Government Policies
  • Learn
    • Crypto for Beginners
    • DeFi Guides
    • NFT Guides
    • Staking Guides
    • Trading Strategies
  • Research & Analysis
    • Blockchain Research
    • Coin Research
    • DeFi Research
    • Market Analysis
    • Regulation Reports
Have an existing account? Sign In
Follow US
© Market Alert News. All Rights Reserved.
  • bitcoinBitcoin(BTC)$77,941.000.52%
  • ethereumEthereum(ETH)$2,313.17-0.32%
  • tetherTether(USDT)$1.000.00%
  • rippleXRP(XRP)$1.431.21%
  • binancecoinBNB(BNB)$638.330.31%
  • usd-coinUSDC(USDC)$1.00-0.01%
  • solanaSolana(SOL)$85.990.41%
  • tronTRON(TRX)$0.327490-0.09%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.03-0.43%
  • dogecoinDogecoin(DOGE)$0.0975831.20%
Latest News

North Korea Targets Crypto Industry with New Info-Stealing Malware

rahulbadiyafad150c105
Last updated: June 20, 2025 10:37 am
rahulbadiyafad150c105
Published: 10 months ago
Share

A North Korean-linked hacking group has been targeting job seekers in the crypto industry with new malware designed to steal passwords for crypto wallets and password managers.

Contents
  • Fake Job Sites and Skill Tests Used as Front for Malware Attacks
  • Malware Payload Specifically Targets Crypto Wallets
  • Multitasking malware 
  • Fake Job Lures Are Nothing New in Cyberattacks

According to a Wednesday report from Cisco Talos, the threat actor—identified as “Famous Chollima,” also known as “Wagemole”—is behind a newly discovered Python-based remote access trojan (RAT) dubbed “PylangGhost.”

The group has primarily focused its attacks on individuals in India with experience in cryptocurrency and blockchain, using fake job interview campaigns and social engineering tactics to lure victims.

“Based on the advertised positions, it is clear that the Famous Chollima is broadly targeting individuals with previous experience in cryptocurrency and blockchain technologies.” 

Fake Job Sites and Skill Tests Used as Front for Malware Attacks

The attackers set up fake job websites impersonating well-known companies like Coinbase, Robinhood, and Uniswap, leading victims through a carefully crafted, multi-step recruitment process.

It begins with outreach from fake recruiters, who then direct targets to skill-testing platforms—where the actual data harvesting and malware deployment take place.

Source: Cisco Talos

Next, victims are persuaded to enable video and camera access for fake interviews, during which they’re tricked into copying and executing malicious commands under the guise of installing updated video drivers—ultimately leading to their devices being compromised.

Malware Payload Specifically Targets Crypto Wallets

Cisco Talos reported that PylangGhost is a variant of the previously documented GolangGhost RAT, sharing much of its core functionality.

Once executed, the malware enables remote control of the infected system and facilitates the theft of cookies and credentials from more than 80 browser extensions. These include popular password managers and crypto wallets such as MetaMask, 1Password, NordPass, Phantom, Bitski, Initia, TronLink, and MultiverseX.

Source: Cisco Talos

Multitasking malware 

The malware is capable of performing a wide range of functions, including executing various commands, taking screenshots, managing files, stealing browser data, gathering system information, and maintaining persistent remote access to compromised devices.

Researchers also noted that, based on the code comments, it’s unlikely the threat actors used a large language model or AI assistance to develop the malware.

Fake Job Lures Are Nothing New in Cyberattacks

This isn’t the first time North Korean-linked hackers have used fake job offers and interviews as a tactic to ensnare victims.

Back in April, attackers connected to the $1.4 billion Bybit heist targeted crypto developers through bogus recruitment tests embedded with malware.

Share this:

  • Share on X (Opens in new window) X
  • Share on Facebook (Opens in new window) Facebook

Like this:

Like Loading...

Related

India News | Heavy Traffic in Hyderabad as People Head to Hometowns for Sankranti | LatestLY
Business News | Bisleri Partners with Purple Umbrella Festival 2025 as The Official Hydration Partner | LatestLY
Italian Wine Podcast Renews Media Partnership with Grandi Langhe Wine Festival
Mario Hezonja picks up injury from international duty with Croatia
UniFirst Declares Increased Cash Dividends
TAGGED:Businesscrypto walletscryptocurrenciesFake jobHackersMalwareNorth Korea

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Email Copy Link Print
Previous Article Bitcoiners Divided: Will BTC Break Toward $94K or Surge to $114K as It Trades Sideways?
Next Article $LRGG | ($LRGG) Trading Report (LRGG)
© Market Alert News. All Rights Reserved.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Username or Email Address
    Password

    Prove your humanity


    Lost your password?

    %d