Famous Chollima’s PylangGhost
Verticals Targeted: Cryptocurrency
Regions Targeted: India
Related Families: GolangGhost
Executive Summary
Famous Chollima, a North Korean-aligned threat actor, has deployed PylangGhost, a Python-based remote access trojan (RAT), targeting cryptocurrency and blockchain professionals in India. This malware, a variant of the GolangGhost RAT, enables credential theft and remote system control, and is delivered through sophisticated social engineering tactics.
Key Takeaways
- PylangGhost, a Python-based RAT, mirrors the functionality of the GolangGhost RAT and targets Windows systems in the cryptocurrency and blockchain sectors.
- The malware is delivered through fake job recruitment platforms, leveraging social engineering to trick victims into executing malicious scripts.
- PylangGhost steals credentials from over 80 browser extensions, including cryptocurrency wallets and password managers.
What is PylangGhost?
In May 2025, Cisco Talos identified PylangGhost, a Python-based remote access trojan (RAT) deployed by the North Korean-aligned threat actor Famous Chollima. This malware targets Windows systems, while its predecessor, the Golang-based GolangGhost RAT, continues to target macOS users. PylangGhost is delivered through a sophisticated social …
IoC
c2137cd870de0af6662f56c97d27b86004f47b866ab27190a97bde7518a9ac1b