A North Korean-aligned group has targeted crypto job hunters in India with a new Python-based remote access trojan, according to Cisco Talos.
Fake job sites and staged interviews are used to deceive candidates into running malicious code, leading to the compromise of wallet keys and password managers.
The campaign lures job seekers with postings that imitate major platforms such as Coinbase, Robinhood, and Uniswap, reaching candidates over LinkedIn or email.
Candidates are directed to a 'skill-testing' site that silently collects system details and browser information in the background.
During a live video interview, candidates are prompted to run a supposed camera-driver update, which is what actually installs the PylangGhost trojan.
PylangGhost, a Python variant of the GolangGhost tool, targets browser extensions to steal cookies and passwords and gives the operators remote control of the victim's machine.
North Korean hackers have a history of similar attacks, including a fake recruitment test before the $1.4 billion Bybit heist.
Recommended security measures include checking URLs carefully for misspellings and lookalike domains, verifying job offers through trusted channels, and using endpoint detection tools.
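The advice to check URLs for misspellings can be partly automated. The following is an added example, not code from Cisco Talos or from the article: a small lookalike-domain checker that compares the registrable domain of a recruiting link against a list of expected brand domains, normalising common typosquat substitutions (digit-for-letter, Cyrillic homoglyphs, inserted hyphens) and flagging near matches by edit distance. The `KNOWN_GOOD` list and the sample URLs are constructed for illustration and should be replaced with your own verified list.

```python
# Added example (not from the Cisco Talos report or the article).
# Flags recruiting URLs whose domain imitates a known brand domain.
from urllib.parse import urlparse
import unicodedata

# ASSUMPTION: the expected domains for the brands named in the article.
# Maintain this list from your own verified sources.
KNOWN_GOOD = {"coinbase.com", "robinhood.com", "uniswap.org", "linkedin.com"}

# Substitutions typosquatters commonly use; applied before comparison.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t"), ("8", "b"),
    # Cyrillic letters that render like Latin ones (homoglyphs).
    ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"), ("\u0440", "p"),
    ("\u0441", "c"), ("\u0445", "x"), ("\u0443", "y"),
]


def registrable_domain(url: str) -> str:
    """Lowercase host reduced to its last two labels (naive eTLD+1)."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    host = unicodedata.normalize("NFKC", host).lower().rstrip(".")
    # Decode punycode (xn--...) so internationalised homoglyph domains
    # are compared as the characters the victim actually sees.
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already a Unicode host, nothing to decode
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def skeleton(label: str) -> str:
    """Collapse a label to a canonical form so 'c0in-base' ~ 'coinbase'."""
    for bad, good in CONFUSABLES:
        label = label.replace(bad, good)
    return label.replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> tuple:
    """Return ('known', domain), ('lookalike', brand_domain) or ('unknown', domain)."""
    domain = registrable_domain(url)
    if domain in KNOWN_GOOD:
        return ("known", domain)
    name = skeleton(domain.split(".")[0])
    for good in sorted(KNOWN_GOOD):
        brand = skeleton(good.split(".")[0])
        # Brand embedded in the label (coinbase-careers.xyz) or within two
        # edits of it (robinhoood.com) is treated as an imitation.
        if brand in name or levenshtein(name, brand) <= 2:
            return ("lookalike", good)
    return ("unknown", domain)


def scan(urls) -> list:
    """Classify each URL; returns a list of (url, verdict, detail)."""
    return [(u, *classify(u)) for u in urls]


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a recruiting message.
    SAMPLE = [
        "https://careers.coinbase.com/jobs/123",
        "https://c0inbase-careers.xyz/apply",
        "http://robinhoood.com/interview",
        "https://c\u043einbase.com/careers",   # Cyrillic 'о'
        "https://example.com/skill-test",
    ]
    for url, verdict, detail in scan(SAMPLE):
        print(f"{verdict:9} {detail:15} {url}")
```

The checker only catches domains that imitate a brand name; a phishing site on an unrelated domain comes back as `unknown`, which is still the right signal to treat the link as unverified until the offer is confirmed through the company's official careers page.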
State-linked actors are combining social engineering with custom malware to steal crypto assets, so job seekers in the blockchain sector need to treat recruiting contact with caution.
Experts recommend keeping hardware wallets offline, using a separate device or browser profile for job hunting, and, on the employer side, maintaining vigilant hiring processes and technical controls.
This mix of social engineering and capable malware poses a significant risk to individuals in the crypto job market.
Vigilance and strict security practices remain the main defenses against the evolving threats aimed at crypto workers.