List of Flash News about PylangGhost malware
Time | Details |
---|---|
2025-07-02 12:35 | North Korean Hackers Target Crypto Firms with Malware, Driving Record $2.1B in H1 2025 Thefts. According to @zachxbt, North Korean hackers are escalating their attacks on the cryptocurrency industry, using a new Python-based malware called PylangGhost disguised in fake job applications. The campaign, attributed to the group Famous Chollima, impersonates major firms like Coinbase and Uniswap to lure crypto professionals into installing the malware, which is designed to steal credentials from over 80 browser extensions, including popular wallets like MetaMask, Phantom, and TronLink, as detailed by Cisco Talos. This activity is part of a larger, alarming trend, with a TRM Labs report indicating that a record $2.1 billion was stolen from crypto platforms in the first half of 2025. North Korean-linked groups are reportedly responsible for $1.6 billion, or 70%, of these losses, highlighting a significant and growing systemic risk for traders and the digital asset ecosystem. The report also notes a strategic shift in attack vectors, with over 80% of stolen funds coming from infrastructure-level breaches like private key theft, which are proving far more lucrative than traditional smart contract exploits. |
2025-07-02 12:35 | North Korean Hackers Target Crypto Firms with Job Application Malware as Thefts Hit Record $2.1 Billion in H1 2025. According to @zachxbt, a North Korean hacking group known as Famous Chollima is actively targeting cryptocurrency professionals with a new Python-based malware called PylangGhost. The attack, detailed by Cisco Talos researchers, uses sophisticated fake career sites impersonating top firms like Coinbase and Uniswap to lure targets into a fraudulent job application process. This process tricks users into running a command that installs the malware, which is designed to steal credentials and wallet data from over 80 browser extensions, including MetaMask and Phantom. This poses a significant direct risk to traders' assets. Compounding the security threat, a TRM Labs report reveals that the first half of 2025 was the worst on record for crypto security, with over $2.1 billion lost to hacks. North Korean-linked groups are reportedly responsible for $1.6 billion of this total, largely due to the historic $1.5 billion Bybit hack. The report also highlights a strategic shift in attack vectors, with 80% of stolen funds coming from infrastructure-level breaches like private key theft, which are proving far more lucrative than smart contract exploits. Despite these severe security threats, market data shows Ethereum (ETH) trading resiliently around $2,600, up over 6% in the past 24 hours. |
2025-07-02 12:35 | North Korean Hackers Target Crypto Firms with PylangGhost Malware, Exposing Critical DeFi Operational Security (OPSEC) Failures. According to @zachxbt, a North Korean hacking group known as Famous Chollima is deploying a new Python-based malware called PylangGhost through fake job applications impersonating top firms like Coinbase and Robinhood. This remote access trojan (RAT) is designed to steal credentials and wallet data from over 80 browser extensions, including MetaMask and Phantom, by tricking applicants into running malicious commands. The analysis highlights that the primary vulnerability in Web3 is not smart contract code but poor operational security (OPSEC), such as inadequate key management and a lack of contributor vetting. This operational negligence in DeFi contrasts sharply with the mature, layered security culture of traditional finance (TradFi). Despite these significant security threats, market data shows major assets trading higher, with ETHUSDT up 6.285% and SOLUSDT up 4.172% in the last 24 hours, suggesting the market may be underpricing these systemic risks. |
2025-07-02 12:35 | North Korean Hackers Target Crypto Firms with PylangGhost Malware, Fueling Record $2.1B in H1 2025 Thefts. According to @zachxbt, North Korean hackers are deploying a new Python-based malware called PylangGhost, disguised in fake job applications from major crypto firms like Coinbase and Uniswap to steal wallet credentials. A report from Cisco Talos details that the malware targets crypto professionals on Windows systems, aiming to compromise wallets such as MetaMask and Phantom. This activity is part of a larger, alarming trend highlighted by a TRM Labs report, which found that a record $2.1 billion was stolen from crypto platforms in the first half of 2025. North Korean-linked groups are reportedly responsible for $1.6 billion of these losses, primarily due to the historic $1.5 billion Bybit hack. The analysis indicates a strategic shift in attack vectors, with over 80% of stolen funds coming from infrastructure-level breaches like private key theft, which are proving far more profitable than DeFi exploits. Despite these significant security threats, market data shows resilience, with Ethereum (ETH) trading around $2,599.45, up over 6.3% in 24 hours, and Chainlink (LINK) at $13.81, up over 5.8%. |
2025-07-02 12:35 | North Korean Hackers Drive Record $2.1B Crypto Losses in H1 2025; New Malware Targets Coinbase, Uniswap, and MetaMask Users. According to @zachxbt, the first half of 2025 has set a grim record with over $2.1 billion lost to crypto hacks and exploits, marking the worst six-month period for digital asset security. A TRM Labs report highlights that North Korean-linked groups are the primary threat, responsible for $1.6 billion (70%) of these losses, heavily skewed by the historic $1.5 billion Bybit hack. From a trading perspective, the attack vectors have critically shifted; over 80% of stolen funds now originate from infrastructure-level breaches like private key theft, which are ten times more lucrative than the once-dominant DeFi smart contract exploits. Concurrently, a new malware threat named PylangGhost has emerged, as detailed by Cisco Talos. This malware, operated by the North Korean group Famous Chollima, targets crypto professionals through fake job applications for major firms like Coinbase, Robinhood, and Uniswap. The malware is designed to steal credentials and data from over 80 browser extensions, including popular wallets like MetaMask and Phantom, posing a direct and severe risk to individual traders' holdings. Despite these significant security threats, market data indicates resilience, with Ethereum (ETH) posting a 24-hour gain of over 6%, trading around $2,600. |
2025-06-30 15:35 | Crypto Security Alert: North Korean Hackers Target MetaMask & Phantom Wallets as ETH Price Surges 5.4% to $2620. According to @karpathy, traders should be on high alert as a North Korean hacking group, Famous Chollima, is deploying new Python-based malware called PylangGhost to compromise crypto workers. A report from Cisco Talos indicates the malware is hidden in fake job applications from top firms like Coinbase and Uniswap, and is designed to steal credentials and data from over 80 browser extensions, including critical wallets like MetaMask, Phantom, and TronLink. This security threat emerges as the crypto market shows notable strength. Market data reveals Ethereum (ETH) has surged 5.41% to $2620.25, with Chainlink (LINK) rising 4.21% to $13.86, and Solana (SOL) up 1.20% to $152.61. The report also highlights the long-term convergence of AI and Web3, exemplified by innovators like Nkiru Uwaje of MANSA, whose project secured a pre-seed round from Tether, underscoring continued venture interest in the space despite security risks. |
2025-06-28 18:44 | North Korean Hackers Target Coinbase and Uniswap Job Applicants With New PylangGhost Malware. According to phantom, a North Korean hacking group known as Famous Chollima is actively targeting cryptocurrency professionals with a new Python-based malware named PylangGhost. The attack vector involves impersonating top crypto firms like Coinbase, Robinhood, and Uniswap through sophisticated fake career websites, as detailed in a report by Cisco Talos. Job applicants, particularly software engineers and designers in India, are lured into a fake skills test that tricks them into running a command to install the malware. For traders, the primary risk is the malware's ability to steal critical data from over 80 browser extensions, including popular wallets like MetaMask, Phantom, and TronLink, as well as password managers like 1Password. This could lead to the direct theft of user funds, compromising individual accounts and potentially impacting the security and reputation of the targeted platforms. The malware grants attackers full remote control over infected Windows machines, posing a significant threat to the assets held by employees and users of major crypto companies. |