North Korean threat group Famous Chollima is using blockchain technology to hide malware payloads in smart contracts, which marks the first documented case of a nation-state actor adopting “EtherHiding” 0 Talos and Google Threat Intelligence Group independently confirmed the attacks target job seekers through fake interview processes deploying malware that steals crypto and 1 group deployed a new JavaScript module that combines BeaverTail and OtterCookie malware featuring keylogging and screenshot 2 malicious software was distributed via a 3 package named “node-nvm-ssh” on the official NPM repository
disguised as a chess application called “Chessfi.” Node-nvm-ssh infection path September 18, 2025 He cited a major Indian outsourced service hack that leaked 4 user data resulting in over $400 million in 5 Talos has previously documented Famous Chollima creating fraudulent skill-testing websites using React frameworks that closely mimic legitimate company assessment platforms through the PylangGhost malware campaign which targets crypto 6 complete technical assessments
which include downloading alleged video drivers containing malicious Python-based 7 have been made to stop these bad actors as 8 recently seized over $7.7 million in crypto allegedly earned through networks of covert IT workers.