New Threat Alert
A North Korean-aligned hacking group is targeting job seekers in the cryptocurrency sector with a new malware called PylangGhost. This malware is designed to steal passwords from crypto wallets and password managers, primarily affecting individuals in India. The attacks are executed through fake job interviews that utilize social engineering tactics.
Targeting Job Seekers
The Famous Chollima group creates fraudulent job sites mimicking legitimate companies like Coinbase and Robinhood. Victims receive invitations from fake recruiters to skill-testing websites, where their information is collected. They are then tricked into enabling video access for phony interviews, leading them to execute malicious commands disguised as software updates.
Malware Functionality
PylangGhost operates similarly to the previously known GolangGhost RAT. Once activated, it allows remote control of infected devices and can steal cookies and credentials from over 80 browser extensions, including popular password managers and crypto wallets like MetaMask and 1Password.
Multifunctional Capabilities
This malware can perform various tasks such as taking screenshots, managing files, stealing browser data, collecting system information, and maintaining remote access to compromised systems. Based on the code's comments, researchers believe that artificial intelligence was not used in its development.
Recurring Tactics
Fake job lures have been a recurring tactic among North Korean hackers. In previous incidents, they targeted crypto developers using similar methods involving fake recruitment tests laden with malware.
Final Thoughts
Stay vigilant against phishing attempts disguised as legitimate job offers in the cryptocurrency space to protect your sensitive information.