North Korean Hackers Target Crypto Job Recruiters with New Malware, Able to Steal Credentials from Browser Extensions

BlockBeats News, June 20th, According to Decrypt's report, threat intelligence research firm Cisco Talos reported on Wednesday that North Korean hackers deployed a new Python Remote Access Trojan called "PylangGhost" targeting cryptocurrency professionals through a fake job interview posing as companies like Coinbase and Uniswap. The malware is associated with the North Korean-affiliated notorious hacking group "Famous Chollima" (also known as "Wagemole").

The malware is capable of stealing credentials from over 80 browser extensions, including Metamask and 1Password, and achieves persistent remote access. The attack mainly targets Windows systems and macOS users, with Linux systems not currently affected by this wave of attacks.