NK Hackers Deploy PylangGhost through Fake Crypto Job Interviews

One North Korea–linked group wey dem dey call Famous Chollima (Wagemole) don launch correct phishing campaign wey dey target crypto job seekers for India. Dem dey use names of Coinbase, Uniswap and Robinhood to act like recruiters and dey lure candidates go video interviews under technical assessment bicos. During call, victims go run commands wey dem tell say na to update video drivers but na PylangGhost (Python-based remote access trojan) dey install. Once e land, the malware go dey collect system info, dey take screenshots, plus dey steal credentials from pass 80 browser extensions including MetaMask, Phantom, TronLink plus MultiverseX and password managers too. Cisco Talos researchers talk say PylangGhost get features like GolangGhost wey dem see before but no get AI-generated code. This campaign show how phishing and remote access threats to crypto dey rise, and e tell make people secure their wallet credentials well-well.