Show threadSekoia.ioJul 21, 2025
And everything is hosted on a single platform. At the end of the process, you're politely asked to download a 'driver' to magically make your webcam work ✹
Spoiler alert: it's not a driver, it's #GolangGhost, a custom malware with remote access capabilities.
The Threat CodexJul 2, 2025
Famous Chollima deploying Python version of GolangGhost RAT
#FAMOUSCHOLLIMA #GolangGhost
https://blog.talosintelligence.com/python-version-of-golangghost-rat/
Famous Chollima deploying Python version of GolangGhost RAT

Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.

Cisco Talos Blog
The Threat CodexApr 3, 2025
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
#UNC5342 #GolangGhost
https://blog.sekoia.io/clickfake-interview-campaign-by-lazarus/
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic

Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.

Sekoia.io Blog
lazarusholicMar 31, 2025
"From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic" published by SEKOIA. #ClickFix, #ContagiousInterview, #GolangGhost, #Lazarus, #FrostyFerret, #DPRK, #CTI https://blog.sekoia.io/clickfake-interview-campaign-by-lazarus/
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic

Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.

Sekoia.io Blog
Sekoia.ioMar 31, 2025

đŸ‡°đŸ‡” Sekoia #TDR team investigated a malicious campaign that employs fake job interview websites to deliver backdoors on Windows and macOS - #GolangGhost using #ClickFix tactic. Dubbed #ClickFake Interview, this campaign has been attributed to #Lazarus, a #DPRK state-sponsored threat actor, which has been targeting the cryptocurrency industry since at least 2017.

https://blog.sekoia.io/clickfake-interview-campaign-by-lazarus/

From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic

Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.

Sekoia.io Blog