North Korea targets crypto workers with new info-stealing malware

North Korean threat actors have been deploying malware through fake crypto job sites, targeting blockchain professionals to steal wallet credentials, Cisco Talos says.

A North Korean-aligned threat actor has been targeting job seekers in the crypto industry with new malware that is designed to steal passwords for crypto wallets and password managers.

Cisco Talos reported on Wednesday that it found a new Python-based remote access trojan (RAT) it called “PylangGhost,” linking the malware to a North Korean-affiliated hacking collective called “Famous Chollima,” also known as “Wagemole.”

The hacking group has been targeting job seekers and employees with cryptocurrency and blockchain experience, primarily in India, with the attacks carried out through fake job interview campaigns using social engineering.

Read more