NICKEL ALLEY strategy: Fake it ‘til you make it
ID: e3e1a251-8211-5eb1-a5d9-93f68bea18e1
STIX ID: report--e3e1a251-8211-5eb1-a5d9-93f68bea18e1
Feed Name: Sophos Blogs
Sophos/CTU researchers report that NICKEL ALLEY, a North Korean-affiliated actor, targets technology and Web3 developers with fake job lures and ClickFix-style assessments that trick victims into running commands. Those commands deploy PyLangGhost RAT (and, previously, GoLangGhost), enabling credential and crypto-wallet theft, file exfiltration, and potential supply-chain or corporate espionage. The report includes infection chain details, IOCs (domains, IPs, hashes), and detection/mitigation guidance.
