20 June 2025
North Korean Hackers Target Crypto Workers with Python-Based Malware
A North Korean hacking group, Famous Chollima, is targeting crypto professionals with a new Python-based malware named PylangGhost, as reported by Cisco Talos. Key details include:
- PylangGhost is a variant of the GolangGhost remote access trojan (RAT), tailored for Windows systems.
- Victims are primarily located in India and have backgrounds in blockchain and cryptocurrency.
- The malware is distributed through fake job applications from reputable firms like Coinbase and Uniswap.
- Targets are lured into installing malicious video drivers after providing personal and technical information.
- PylangGhost can extract sensitive data, including login credentials and wallet information from over 80 browser extensions, such as MetaMask and 1Password.
- The trojan enables full remote control of infected devices, utilizing RC4-encrypted HTTP packets for communication.
Despite being rewritten in Python, PylangGhost retains a structure and naming conventions similar to those of its predecessor, indicating a single operator's involvement.