North Korea Targets Indian Crypto Professionals with Malware

• Famous Chollima exploits India’s crypto talent boom with fake job scams and malware.
• Hackers impersonate Coinbase, Uniswap, and others to deceive crypto professionals.
• PylangGhost malware steals crypto wallet and password manager data from compromised devices.

The fast rise of India as a global crypto and Web3 talent hub is attracting undesired attention. The North Korean hacker group, known as Famous Chollima, is capitalizing on this momentum by targeting job seekers with fake job applications that impersonate major cryptocurrency firms. These fraudulent schemes are designed to deceive candidates and steal sensitive data under the guise of legitimate employment offers.

A report by Cisco Talos revealed PylangGhost, a Python-based remote access trojan (RAT) that was specifically designed to target job seekers in the crypto industry, particularly those with blockchain expertise. The Famous Chollima group strongly relies on social engineering techniques to lure people into fake employment interviews. 

Crypto Job Scams: Hackers Posing as Top Firms

The hackers pretend to be from authentic companies, including Coinbase, Robinhood, and Uniswap. They lure victims by initiating contact through fake recruiters, then direct them to fraudulent skill assessment websites designed to harvest sensitive personal and professional information.

Victims are deceived into enabling video and camera access during the fake video interview. They are then requested to run malicious commands in the pretence of video driver updates. After the victim agrees to it, their device is already compromised, and the hackers have remote access.

Related: Ledger Discord Hack: Scammers Try to Steal Users’ Crypto Keys

PylangGhost Malware: Stealing Data from Crypto Wallets 

PylangGhost malware is capable of stealing credentials and other sensitive data from more than 80 browser extensions, including crypto wallets and password managers such as MetaMask, 1Password, and NordPass. Its advanced capabilities enable hackers to constantly control the infected systems.

These attacks are not the first time that North Korean hackers have targeted crypto developers through fake job offers. According to cybersecurity platform CrowdStrike, Famous Chollima was linked to 304 cyber incidents in 2024, using a range of tactics including social engineering and malware. As India rises as a global hub for crypto and Web3 talent, it’s becoming an increasingly attractive target for cybercriminals. The industry must now focus on enhancing recruitment security, raising awareness, and protecting its growing talent pool from sophisticated threats like social engineering and deepfake-driven scams.

The post North Korea Targets Indian Crypto Professionals with Malware appeared first on Cryptotale.