朝鲜黑客针对加密招聘部署新型恶意软件，支持从浏览器扩展窃取凭证

Blockbeats

Yesterday

BlockBeats 消息，6 月 20 日，据 Decrypt 报道，威胁情报研究公司 Cisco Talos 周三报告，朝鲜黑客通过伪装成 Coinbase 和 Uniswap 等公司招聘人员的假面试，针对加密货币专业人士部署了名为“PylangGhost”的新型 Python 远程访问木马，该恶意软件与朝鲜相关著名黑客团体“Famous Chollima”（又称“Wagemole”）有关。

该恶意软件可从超过 80 个浏览器扩展中窃取凭证，包括 Metamask 和 1Password，并实现持久化远程访问。攻击主要针对 Windows 系统以及 macOS 用户，Linux 系统未受当前攻击波及。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2544514851"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2544514851\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2544514851?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-06-20 14:30","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2544514851","market":"us","top_or_hot":-1,"title":"朝鲜黑客针对加密招聘部署新型恶意软件，支持从浏览器扩展窃取凭证","media":"Blockbeats","content":"<html><body><div><p>BlockBeats 消息，6 月 20 日，据 Decrypt 报道，威胁情报研究公司 Cisco Talos 周三报告，朝鲜黑客通过伪装成 <a href=\"https://laohu8.com/S/COIN\">Coinbase</a> 和 Uniswap 等公司招聘人员的假面试，针对加密货币专业人士部署了名为“PylangGhost”的新型 Python <a href=\"https://laohu8.com/S/002692\">远程</a>访问木马，该恶意软件与朝鲜相关著名黑客团体“Famous Chollima”（又称“Wagemole”）有关。</p><p>该恶意软件可从超过 80 个浏览器扩展中窃取凭证，包括 Metamask 和 1Password，并实现持久化远程访问。攻击主要针对 Windows 系统以及 macOS 用户，Linux 系统未受当前攻击波及。</p></div></body></html>","source":"theblockbeats_zh_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>朝鲜黑客针对加密招聘部署新型恶意软件，支持从浏览器扩展窃取凭证</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n朝鲜黑客针对加密招聘部署新型恶意软件，支持从浏览器扩展窃取凭证\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-06-20 14:30 北京时间&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//flash/299241><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats 消息，6 月 20 日，据 Decrypt 报道，威胁情报研究公司 Cisco Talos 周三报告，朝鲜黑客通过伪装成 Coinbase 和 Uniswap 等公司招聘人员的假面试，针对加密货币专业人士部署了名为“PylangGhost”的新型 Python 远程访问木马，该恶意软件与朝鲜相关著名黑客团体“Famous Chollima”（又称“Wagemole”）有关。该...</p>\n\n<a href=\"https://www.theblockbeats.info//flash/299241\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"LU1046421795.USD","symbol_name":"富达环球科技A-ACC","start_time":0,"source_url":"https://www.theblockbeats.info//flash/299241","article_id":"2544514851","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2544514851","pubTimestamp":1750401000,"columns":[],"sourceInfo":{"source_id":"theblockbeats_zh_live","name":"blockbeat"},"weMediaInfo":null,"summary":"BlockBeats 消息，6 月 20 日，据 Decrypt 报道，威胁情报研究公司 Cisco Talos 周三报告，朝鲜黑客通过伪装成 Coinbase 和 Uniswap 等公司招聘人员的假","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"zh","relate_stocks":{"LU1046421795.USD":"富达环球科技A-ACC","BK4598":"佩洛西持仓","BTCO":"Invesco Galaxy Bitcoin ETF","IE00BQXX3F31.USD":"GUINNESS GLOBAL INNOVATORS \"C\" (USD) ACC","SG9999015341.SGD":"United Income Focus Trust Acc SGD-H","EZBC":"Franklin Bitcoin ETF","LU0957791311.USD":"THREADNEEDLE (LUX) GLOBAL FOCUS \"ZU\" (USD) ACC","IE00B5TLWC47.USD":"BNY MELLON LONG-TERM GLOBAL EQUITY \"B\" (USD) ACC","GBTC":"Grayscale Bitcoin Trust ETF","LU2491050071.SGD":"WELLINGTON SUSTAINABLE OUTCOMES \"A\" (SGDHDG) ACC","MSFT":"微软","LU0312595415.SGD":"Schroder ISF Global Climate Change Equity A Acc SGD","IE00BDGV0183.EUR":"GUINNESS GLOBAL EQUITY INCOME \"C\" (EUR) INC","BRRR":"CoinShares Valkyrie Bitcoin Fund","LU1623119135.USD":"Natixis Mirova Global Sustainable Equity R-NPF/A USD","LU0823421333.USD":"BNP PARIBAS DISRUPTIVE TECHNOLOGY \"C\" (USD) ACC","LU0267386448.USD":"FIDELITY FIRST ALL COUNTRY WORLD \"A\" (USD) INC","LU2592432038.USD":"WELLINGTON MULTI-ASSET HIGH INCOME \"A\" (USD) ACC","CSCO":"思科","IBIT":"iShares Bitcoin Trust ETF","BITO":"ProShares Bitcoin ETF","VBTC.AU":"Vaneck Bitcoin Etf","COIN":"Coinbase Global, Inc.","DEFI":"Hashdex Bitcoin ETF","LU0097036916.USD":"贝莱德美国增长A2 USD","FBTC":"Fidelity Wise Origin Bitcoin Fund","BTCW":"WisdomTree Bitcoin Fund","HODL":"VanEck Bitcoin ETF","LU1066053197.SGD":"HSBC GIF GLOBAL EQUITY VOLATILITY FOCUSED \"AM3\" (SGDHDG) INC"},"translate_title":"North Korean hackers deploy new malware targeting crypto recruitment to support credential theft from browser extensions","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"MSFT":1,"FBTC":1,"GBTC":1,"HODL":1,"IBIT":1,"VBTC.AU":1,"BITO":1,"BRRR":1,"BTCO":1,"BTCW":1,"COIN":1,"EZBC":1,"DEFI":1,"CSCO":1},"content_text":"BlockBeats 消息，6 月 20 日，据 Decrypt 报道，威胁情报研究公司 Cisco Talos 周三报告，朝鲜黑客通过伪装成 Coinbase 和 Uniswap 等公司招聘人员的假面试，针对加密货币专业人士部署了名为“PylangGhost”的新型 Python 远程访问木马，该恶意软件与朝鲜相关著名黑客团体“Famous Chollima”（又称“Wagemole”）有关。该恶意软件可从超过 80 个浏览器扩展中窃取凭证，包括 Metamask 和 1Password，并实现持久化远程访问。攻击主要针对 Windows 系统以及 macOS 用户，Linux 系统未受当前攻击波及。","kind":"live","is_publish_news":false,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"code":"91000000","status":"200"}}}