Loading...
Foresight News: According to CoinDesk, cybersecurity agency Cisco Talos has stated that a hacker group related to North Korea is using the Python Trojan program "PylangGhost" disguised as a job search process to attack cryptocurrency industry practitioners, mainly targeting developers, marketers, and designers with backgrounds in blockchain and cryptocurrency startups. This malicious software is a Python variant of the previous "GolangGhost", specifically targeting Windows systems. It has functions such as remote control, credential theft, system detection, file transfer, browser extension data scraping, and can obtain wallet and login information from over 80 browser extensions including MetaMask, Phantom, TronLink, 1Password, etc. The attack methods include impersonating well-known companies such as Coinbase, Robinhood, and Uniswap, creating fake job recruitment websites, inducing victims to participate in so-called "skill tests", and guiding them to install Trojan programs disguised as video drivers during the process, ultimately achieving remote control and data theft. At present, the majority of victims come from India, and there is no clear evidence of internal system intrusion caused by the attack, but security risks have raised concerns. The organization is known as' Famous Chollima 'and has been active in infiltrating the cryptocurrency industry since mid-2024.