Beware! North Korean hackers impersonate recruiters targeting crypto companies, over 3100+ IPs compromised

【CryptoWorld】Recently, a frightening security incident has come to light. A hacker group called PurpleBravo (linked to North Korea) has launched “recruitment traps” online, targeting AI, cryptocurrency, and financial services companies.

Their tactics are as follows: hackers pretend to be recruiters or developers, inviting job seekers to participate in technical interviews. You might think it’s a genuine job opportunity, but you’re lured into executing malicious code. The attackers also pose as representatives from well-known crypto or tech companies, asking you to review code, clone repositories, or complete programming tasks — all just a cover.

This operation is quite large-scale. Security teams have identified over 3,100 IP addresses involved in cyber espionage activities, with victims from South Asia, North America, and other regions.

The tools used by the hackers are quite ruthless. They deployed remote access Trojans like PylangGhost and GolangGhost, which can automatically steal your browser credentials and cookies — meaning your account passwords could be compromised. These hackers are also very cunning, disguising their true identities with fake Ukrainian Odessa profiles, hosting malicious software through malicious GitHub repositories, Astrill VPN, and servers from 17 different service providers.

Even more upsetting, they are selling LinkedIn and Upwork accounts on Telegram channels and have interacted with some crypto trading platforms.

Therefore, everyone should be cautious in this area:

• Be careful when receiving “technical interview” invitations from unfamiliar companies; verify their authenticity
• Do not execute unknown code or clone unknown repositories during interviews
• Regularly check your account activity and enable two-factor authentication
• Be vigilant against phishing emails and fake job links