North Korean hackers deploy new malware that supports credential theft from browser extensions

ChainCatcher news, according to Decrypt, the threat intelligence research company Cisco Talos reported on Wednesday that North Korean hackers are targeting cryptocurrency professionals by deploying a new Python remote access Trojan named "PylangGhost" through fake interviews disguised as recruiters from companies like Coinbase and Uniswap. This malware is associated with the notorious North Korean hacking group "Famous Chollima" (also known as "Wagemole").

The malware can steal credentials from over 80 browser extensions, including Metamask and 1Password, and achieve persistent remote access. The attacks primarily target Windows systems and macOS users, while Linux systems have not been affected by the current wave of attacks.