BlockBeats News, January 22nd: Following the theft of over $2 billion from the cryptocurrency market in 2025, North Korean hackers have resurfaced. A hacker group named PurpleBravo launched a large-scale fake recruitment campaign, targeting over 3,100 internet addresses associated with artificial intelligence, cryptocurrency, and financial service companies. The attackers, posing as recruiters or developers, guided job seekers to perform technical interview tasks such as code reviews, code cloning, or programming tasks, leading to the execution of malicious code on corporate devices. Currently, 20 organizations from South Asia, North America, Europe, the Middle East, and Central America have been confirmed as victims.
Researchers found that North Korean hackers used forged Ukrainian identities for obfuscation and deployed two remote access trojans, PylangGhost and GolangGhost, to steal browser credentials. They also weaponized Microsoft Visual Studio Code to implant backdoors through malicious Git repositories.
