Famous Chollima deploying Python version of GolangGhost RAT

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

In May 2025, Cisco Talos identified a Python-based remote access trojan (RAT) called 'PylangGhost', used by a North Korean-aligned threat actor. PylangGhost shares similarities with the previously documented GolangGhost RAT. The threat actor, Famous Chollima, has been targeting employees with experience in cryptocurrency and blockchain technologies through fake job interview sites. The attacks primarily affect users in India. The malware is deployed through a two-stage process involving fake skill-testing pages and malicious command execution. PylangGhost consists of six Python modules and offers functionalities similar to its Golang counterpart, including system information collection, file manipulation, and browser data theft from over 80 extensions.

OPENCTI LABELS:

rat,blockchain,cryptocurrency,browser data theft,golangghost,pylangghost

