Here’s a twist for all you crypto enthusiasts: North Korean hackers are now targeting job seekers in the crypto world. And no, they’re not offering a "job of a lifetime" with an incredible salary; they’re after your passwords. Cisco Talos reported on Wednesday that these hackers are using a new Python-based remote access trojan (RAT), cleverly named PylangGhost. It’s all part of the hacking collective “Famous Chollima,” also known as “Wagemole” (what a name!).

These sneaky hackers are focusing on individuals with cryptocurrency and blockchain experience, mostly in India. How do they reel in their targets? Simple: fake job interviews.

hodl-post-image
Source: Giphy

That’s right, they create fraudulent job sites that look like the real deal, think Coinbase, Robinhood, Uniswap, and then lure victims into clicking links and downloading malware disguised as “video drivers.”

hodl-post-image
Sample of fake job website. Source: Cisco Talos

PylangGhost Malware

Now, if you’re thinking, “Hey, I’d never fall for that,” think again. The malware isn’t just a minor annoyance; it’s a full-blown thief. Once it’s in your system, PylangGhost goes to work, swiping cookies, passwords, and credentials from over 80 browser extensions. And guess what? Crypto wallets and password managers are at the top of the list, including MetaMask, 1Password, and NordPass. So much for your security, huh?

hodl-post-image
Instructions to download the payload. Source: Cisco Talos

The malware’s got all sorts of tricks up its sleeve. It can take screenshots, steal browser data, and even collect system info. And don’t forget the fun part: it maintains remote access, so the hackers can keep creeping around your system. Talk about overstaying your welcome!

In case you thought this was just some random event, think again. North Korean hackers have been using these fake job schemes for a while now. Remember the $1.5 billion Bybit heist in April? Yep, that was them, too, using fake recruitment tests to plant malware.

Biggest Data Leak Ever? 16 Billion Credentials Exposed, Cybercriminals Have a Field Day | HODL FM
A colossal data breach has just spilled the beans on 16 billion…
hodl-post-imageHODL FM: The Wildest Ride in the Crypto MarketEmily Johnson
hodl-post-image

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource, and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require adviceHODL FM strongly recommends contacting a qualified industry professional.