North Korean hackers impersonate recruitment platforms and use Python Trojans to attack encryption industry practitioners

2025-06-20 08:48

Foresight News: According to CoinDesk, cybersecurity agency Cisco Talos has stated that a hacker group related to North Korea is using the Python Trojan program "PylangGhost" disguised as a job search process to attack cryptocurrency industry practitioners, mainly targeting developers, marketers, and designers with backgrounds in blockchain and cryptocurrency startups. This malicious software is a Python variant of the previous "GolangGhost", specifically targeting Windows systems. It has functions such as remote control, credential theft, system detection, file transfer, browser extension data scraping, and can obtain wallet and login information from over 80 browser extensions including MetaMask, Phantom, TronLink, 1Password, etc. The attack methods include impersonating well-known companies such as Coinbase, Robinhood, and Uniswap, creating fake job recruitment websites, inducing victims to participate in so-called "skill tests", and guiding them to install Trojan programs disguised as video drivers during the process, ultimately achieving remote control and data theft. At present, the majority of victims come from India, and there is no clear evidence of internal system intrusion caused by the attack, but security risks have raised concerns. The organization is known as' Famous Chollima 'and has been active in infiltrating the cryptocurrency industry since mid-2024.

7 x 24 快訊

更多 >
今天 2025-07-15
04:14

蚂蚁数科Jovay启动测试网,主网将于Q4上线

04:09

BTC 跌破 116500 美元关口

03:55

美国现货 BTC ETF 连续4个交易日净流入,达27.18亿美元

03:51

绿地(亚洲)证券获批香港数字资产业务牌照升级

03:48

昨日美国比特币现货ETF净流入2.974亿美元