Fake Crypto Jobs Used by North Korean Hackers to Steal Wallet Info

Gunel Ismayilova

June 19, 2025

Here’s a twist for all you crypto enthusiasts: North Korean hackers are now targeting job seekers in the crypto world. And no, they’re not offering a “job of a lifetime” with an incredible salary; they’re after your passwords. Cisco Talos reported on Wednesday that these hackers are using a new Python-based remote access trojan (RAT), cleverly named PylangGhost. It’s all part of the hacking collective “Famous Chollima,” also known as “Wagemole” (what a name!).

These sneaky hackers are focusing on individuals with cryptocurrency and blockchain experience, mostly in India. How do they reel in their targets? Simple: fake job interviews.

That’s right, they create fraudulent job sites that look like the real deal (think Coinbase, Robinhood, Uniswap) and then lure victims into clicking links and downloading malware disguised as “video drivers.”

Sample of fake job website. Source: Cisco Talos

PylangGhost Malware

Now, if you’re thinking, “Hey, I’d never fall for that,” think again. The malware isn’t just a minor annoyance; it’s a full-blown thief. Once it’s in your system, PylangGhost goes to work, swiping cookies, passwords, and credentials from over 80 browser extensions. And guess what? Crypto wallets and password managers are at the top of the list, including MetaMask, 1Password, and NordPass. So much for your security, huh?

Instructions to download the payload. Source: Cisco Talos

The malware’s got all sorts of tricks up its sleeve. It can take screenshots, steal browser data, and even collect system info. And don’t forget the fun part: it maintains remote access, so the hackers can keep creeping around your system. Talk about overstaying your welcome!

In case you thought this was just some random event, think again. North Korean hackers have been using these fake job schemes for a while now. Remember the $1.5 billion Bybit heist in April? Yep, that was them, too, using fake recruitment tests to plant malware.

