In brief
- North Korean hackers are targeting crypto professionals with fake job interviews to deploy new Python-based malware, PylangGhost.
- The malware steals credentials from 80+ browser extensions, including Metamask and 1Password, and enables persistent remote access.
- Attackers pose as recruiters from firms like Coinbase and Uniswap, tricking victims into running malicious commands disguised as video driver installs.
North Korean hackers are luring crypto professionals into elaborate fake job interviews designed to steal their data and deploy sophisticated malware on their devices.
A new Python-based remote access trojan called “PylangGhost,” links malware to a North Korean-affiliated hacking collective called “Famous Chollima,” also…
Jun 20 2025
