North Korean hackers use deepfake Zoom calls to target crypto professionals

North Korean threat actors are once again targeting cryptocurrency developers and professionals using live video calls on Zoom to dupe them into installing malware.

Summary
  • North Korean hackers are using deepfake video calls and compromised Telegram accounts to deliver malware targeting crypto professionals.
  • Over $300 million has been stolen using similar tactics.

Hackers based in North Korea are using compromised Telegram accounts and deepfake AI video to impersonate known contacts and deliver malicious payloads, according to BTC Prague co-founder Martin Kuchař.

“A high-level hacking campaign is currently targeting Bitcoin and crypto users. I have been personally affected via a compromised Telegram account,” Kuchař wrote on X.

According to his post, the victim receives a call from what appears to be a known contact; in reality, that contact’s Telegram account has already been hijacked by the attackers. On the live call the attackers impersonate the victim’s friend with a deepfake video feed while staying muted.

The silence is the hook: the next stage is to convince the victim to install a plugin or file that supposedly fixes the audio problem. The file actually carries malware, typically a Remote Access Trojan (RAT), which gives the attackers full control of the system once executed.

Once inside, the attackers can read the victim’s Telegram contacts and reuse the newly compromised account to approach the next target in the same way.

“Inform your colleagues and network immediately. Do not join any unverified Zoom/Teams calls,” Kuchař added.

Security researchers at cybersecurity company Huntress have observed that similar attacks have been launched by TA444, a North Korean state-sponsored threat group that operates under the notorious Lazarus Group.

North Korean hackers have drained over $300m 

The tactic is not new: according to a warning issued last month by MetaMask security researcher Taylor Monahan, North Korean hackers have already stolen over $300 million using similar techniques.

Monahan warned that attackers often rely on previous chat history to learn more about the victims before they use it against them to gain their trust.

The most common targets are those deeply embedded in the crypto space, including developers, exchange staff, and company executives. In one example from September last year, a targeted attack against a THORchain executive led to losses of around $1.3 million after a MetaMask wallet was drained without any system prompts or requests for administrator approval.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.