List of Flash News about North Korea hackers
Time | Details |
---|---|
2025-06-29 23:37 | North Korean Hackers Target Crypto Firms with PylangGhost Malware, Posing Major Security Threat to MetaMask and Phantom Wallets<br>According to @FoxNews, researchers at Cisco Talos have identified a North Korean hacking group, known as Famous Chollima, targeting cryptocurrency professionals with a new Python-based malware called PylangGhost. The attack involves luring developers and marketers with fake job applications from major firms like Coinbase, Robinhood, and Uniswap. The malware, a Remote Access Trojan (RAT), is installed through a deceptive 'skill test' and is designed to steal sensitive data from over 80 browser extensions, including critical crypto wallets like MetaMask, Phantom, and TronLink. This creates a significant trading risk, as compromised credentials could lead to direct asset theft from individual wallets and potentially grant hackers access to internal systems of major crypto companies, impacting market stability and the security of associated assets like ETH, UNI, and SOL. |
2025-06-28 18:44 | North Korean Hackers Target Coinbase and Uniswap Job Applicants With New PylangGhost Malware<br>According to phantom, a North Korean hacking group known as Famous Chollima is actively targeting cryptocurrency professionals with a new Python-based malware named PylangGhost. The attack vector involves impersonating top crypto firms like Coinbase, Robinhood, and Uniswap through sophisticated fake career websites, as detailed in a report by Cisco Talos. Job applicants, particularly software engineers and designers in India, are lured into a fake skills test that tricks them into running a command to install the malware. For traders, the primary risk is the malware's ability to steal critical data from over 80 browser extensions, including popular wallets like MetaMask, Phantom, and TronLink, as well as password managers like 1Password. This could lead to the direct theft of user funds, compromising individual accounts and potentially impacting the security and reputation of the targeted platforms. The malware grants attackers full remote control over infected Windows machines, posing a significant threat to the assets held by employees and users of major crypto companies. |