North Korean Hackers Target Crypto Firms with New Malware; FBI Veteran Joins TRM Labs to Combat Illicit Finance
Latest Update
7/2/2025 12:35:00 PM


According to @zachxbt, researchers at Cisco Talos have identified a North Korean hacking group, known as Famous Chollima, targeting cryptocurrency workers with new Python-based malware called PylangGhost. The attack vector involves impersonating major crypto firms like Coinbase, Robinhood, and Uniswap through fake job applications to trick individuals into installing the malware. This Remote Access Trojan (RAT) is designed to steal sensitive data from over 80 browser extensions, including critical crypto wallets like MetaMask, Phantom, and TronLink, posing a direct threat to user assets and company security. In a related development for industry security, former FBI Supervisory Special Agent Christopher Wong, who co-led the investigation into the $3.6 billion Bitfinex hack and the Axie Infinity Ronin Bridge breach, has joined blockchain intelligence firm TRM Labs. This move signals a significant enhancement in the private sector's capabilities to track and combat illicit crypto activities, a crucial development for investor confidence.

Analysis

The cryptocurrency landscape is locked in a perpetual battle between malicious actors and security experts, a dynamic highlighted by two recent, significant developments. On one front, North Korean state-sponsored hackers are deploying increasingly sophisticated malware disguised as job opportunities. On the other, a top FBI crypto crime investigator is moving to the private sector to bolster the industry's defenses. This juxtaposition underscores the maturing nature of the digital asset space, where the stakes—and the sophistication of both attack and defense—are constantly rising. For traders, these events are not just background noise; they directly influence market sentiment, systemic risk, and the long-term viability of the ecosystem.



The Evolving Threat: North Korea's PylangGhost Malware Campaign


A North Korean hacking syndicate, identified as Famous Chollima, has launched a new campaign targeting cryptocurrency professionals with a cunning social engineering scheme. According to a detailed report by researchers at Cisco Talos, the group impersonates top-tier crypto firms like Coinbase, Robinhood, and Uniswap by creating elaborate fake career websites. These sites are designed to lure developers, designers, and marketers into a fraudulent hiring process. The attack preys on the industry's competitive job market, using staged "skill tests" as the delivery mechanism for a potent piece of malware.


The malware, dubbed PylangGhost, is a Python-based Remote Access Trojan (RAT) and a new variant of the previously identified GolangGhost. After a target completes the fake skill assessment, they are prompted to run a command in their terminal, supposedly to install a video driver. This command secretly downloads and executes the RAT. The malware is engineered to steal a vast array of sensitive data, including login credentials, session cookies, and private keys from over 80 different browser extensions, such as the widely used MetaMask, Phantom, and TronLink wallets, as well as password managers like 1Password. The RAT gives attackers full remote control over the victim's machine, allowing them to transfer files, execute commands, and exfiltrate data in HTTP packets encrypted with RC4, an outdated and vulnerable cipher. This direct threat to user wallets underscores the critical importance of operational security for every market participant.



Bolstering the Defense: FBI Veteran Christopher Wong Joins TRM Labs


In a significant move to counter these advanced threats, Christopher Wong, a former FBI Supervisory Special Agent renowned for his work in cryptocurrency investigations, has joined blockchain intelligence firm TRM Labs. Wong was a pivotal figure in some of the U.S. government's most high-profile crypto cases. He co-led the investigation into the 2016 Bitfinex hack, which culminated in a historic $3.6 billion cryptocurrency seizure. He also played a crucial role in probing the $600 million Axie Infinity Ronin Bridge breach, an attack attributed to North Korea's Lazarus Group. This investigation led to the first-ever U.S. sanctions against a cryptocurrency mixer. Ari Redbord, global head of policy at TRM Labs, stated, "Chris is not only one of the most talented and respected investigators in the world, he’s also an inspiring colleague who makes everyone around him better." Wong's transition from federal law enforcement to a leading private-sector security firm signals a powerful reinforcement of the industry's defensive capabilities, aiming to disrupt the very criminal enterprises he once pursued from within the government.



Market Impact and Trading Analysis


While security news unfolds, the market has shown remarkable strength. Ethereum (ETH) has been a standout performer. The ETH/USDT pair surged 6.28% over the past 24 hours, climbing from a low of $2,432.82 to a high of $2,615.26, settling around $2,598.47. This powerful upward move demonstrates strong buying pressure, with the $2,430 level acting as a solid support base. The trading volume of over 545,000 ETH on this pair confirms the conviction behind the rally. Critically, ETH is also gaining ground against Bitcoin. The ETH/BTC pair rose 3.557% to 0.02358, suggesting that capital is rotating into Ethereum at a faster pace than into Bitcoin, a potentially bullish signal for the broader altcoin market.


This bullish sentiment is echoed in other major altcoins like Chainlink (LINK). The LINK/USDT pair posted a strong gain of 5.824%, rising to $13.81 on a significant volume of over 4.8 million LINK. The price pushed from a low of $13.01 to a high of $13.82, indicating that the rally has broad participation. For traders, the outperformance of ETH versus BTC is a key metric to watch. A sustained move above the 0.024 ETH/BTC level could signal the start of a more pronounced 'altseason'. The dual reality of rising security threats and strengthening market prices creates a complex environment. The recruitment of top talent like Wong by firms such as TRM Labs is a long-term bullish fundamental, as it increases institutional trust and reduces systemic risk from hacks. In the short term, traders must remain vigilant, securing their assets while capitalizing on the clear bullish momentum present in major pairs like ETH/USDT and LINK/USDT.

ZachXBT

@zachxbt

ZachXBT is a pseudonymous independent on-chain sleuth who is popular for revealing bad actors and scams in the crypto space.