Famous Chollima creates fake job opportunities that lead candidates to skill-testing sites impersonating reputable companies like Coinbase and Robinhood.

The malware used in this campaign includes a Python-based variant called PylangGhost for Windows users and a Golang-based variant named GolangGhost for macOS users.

For Windows, the malicious commands download PylangGhost via a renamed Python interpreter, while macOS users are infected through a similar process using GolangGhost.

Once installed, the malware allows hackers to steal sensitive information, including login credentials and cryptocurrency wallet data.

PylangGhost's architecture supports persistence and credential theft from over 80 browser extensions, enhancing the attackers' financial objectives.

While the campaign primarily affects users in India, its sophisticated nature raises concerns about potential broader impacts on the cryptocurrency sector.

Cisco Talos has developed detection and mitigation tools to help organizations combat these threats, particularly in the cryptocurrency sector.

The North Korean hacking group known as Famous Chollima has launched a new campaign targeting job applicants in the cryptocurrency and blockchain sectors, particularly in India.

This campaign aims to exploit professionals in software engineering, marketing, and design, indicating a clear financial motive behind their operations.

Victims are lured through personalized invite codes and are instructed to provide personal information and run commands that install malware disguised as video drivers.

The malware installation process often involves requests for camera access and personal details, ultimately leading to the deployment of malicious software.

Experts advise job seekers to be cautious of unsolicited offers, avoid executing unknown commands, and ensure their systems are adequately protected.