New Information on Cyber Attacks by North Korean Hacker Group in Cryptocurrency Sector
Discovery of New Attack Using Sophisticated Malware
On June 20, according to cybersecurity analysis sources, the North Korean hacker group "Famous Chollima" launched a new phishing attack targeting global cryptocurrency investors and experts. The hackers created fake recruitment pages for major exchanges like Coinbase and Robinhood, aiming to deceive experienced blockchain users, especially in India and neighboring regions.
Fraud Tactics and PylangGhost Malware
Using fake recruitment websites, the hackers entice users to download a Python-based Trojan named "PylangGhost". Once it has control of the machine, the software acts as a remote-control tool, allowing attackers to execute malicious commands during virtual video interviews. They steal cryptocurrency wallet data by accessing information from over 80 browser extensions such as MetaMask and TronLink, thereby compromising wallet data and management passwords.
Sophisticated Malware Functions and Potential Threats
PylangGhost can take screenshots, manage files, and collect system information, capabilities similar to those of the previously discovered GolangGhost Trojan. Notably, researchers confirmed that this malware was not created by artificial intelligence, which underscores the sophistication and adaptability of attackers in the cryptocurrency world.
Impact and Prevention Methods for Cryptocurrency Investors
Investors should heighten vigilance when participating in online recruitment activities, especially through suspicious emails or websites of unknown origin. To protect cryptocurrency accounts, users should regularly update software, use two-factor authentication, and limit sharing sensitive information on unsafe platforms. Identifying such sophisticated attacks is a crucial step in maintaining financial safety in the volatile cryptocurrency world.
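A detection sketch for the wallet-extension theft described above, added here as an example and not taken from the researchers' report: it flags non-browser processes that read Chromium extension storage. The event format, browser allow-list, file paths and extension IDs are constructed placeholders.

```python
import json
from pathlib import PureWindowsPath

# Assumption: only these browser binaries should touch extension storage.
BROWSER_EXES = {"chrome.exe", "msedge.exe", "brave.exe"}
# Chromium keeps per-extension data in these profile subdirectories.
EXT_DIRS = {"local extension settings", "sync extension settings"}

# Constructed file-read audit events (JSON lines); not real telemetry.
SAMPLE_EVENTS = r'''
{"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","target":"C:\\Users\\a\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\EXT_ID_PLACEHOLDER_1\\000003.log"}
{"image":"C:\\Users\\a\\Downloads\\tool\\python.exe","target":"C:\\Users\\a\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\EXT_ID_PLACEHOLDER_1\\000003.log"}
{"image":"C:\\Users\\a\\Downloads\\tool\\python.exe","target":"C:\\Users\\a\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\EXT_ID_PLACEHOLDER_2\\CURRENT"}
{"image":"C:\\Users\\a\\Downloads\\tool\\python.exe","target":"C:\\Users\\a\\Documents\\notes.txt"}
{"image":"C:\\Windows\\explorer.exe"}
this line is not JSON and must be skipped
'''

def extension_id(target):
    """Return the extension directory name if target lies inside extension storage."""
    parts = PureWindowsPath(target).parts
    for i, part in enumerate(parts[:-1]):
        if part.lower() in EXT_DIRS:
            return parts[i + 1]
    return None

def find_suspicious_reads(lines):
    """Map each non-browser process image to the extension stores it read."""
    hits = {}
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            image, target = ev["image"], ev["target"]
        except (ValueError, KeyError, TypeError):
            continue  # malformed or incomplete record
        ext = extension_id(target)
        exe = PureWindowsPath(image).name.lower()
        if ext and exe not in BROWSER_EXES:
            hits.setdefault(image, set()).add(ext)
    return hits

if __name__ == "__main__":
    for image, exts in find_suspicious_reads(SAMPLE_EVENTS).items():
        print(f"ALERT {image} read storage of {len(exts)} extension(s): {sorted(exts)}")
```

A single process reading the storage of several different extensions is the stronger signal, so the per-process set size is a useful value to alert on.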