Summary
- Cybercriminals are using a fake video call together with a fabricated Zoom “audio fix” to deliver malware to macOS systems.
- This tactic aligns with a previously reported infiltration strategy associated with North Korea’s BlueNoroff, part of the Lazarus group.
- The incident occurs amidst a rise in AI-driven impersonation scams, contributing to cryptocurrency losses reaching $17 billion in 2025.
Hackers linked to North Korea are increasingly using live video calls, including AI-generated deepfakes, to deceive cryptocurrency developers and professionals into unwittingly installing harmful software.
Recently, as reported by BTC Prague co-founder Martin Kuchař, attackers used a compromised Telegram account and a fabricated video call to distribute malware disguised as a Zoom audio fix.
Kuchař described the “high-level hacking campaign” as specifically aimed at Bitcoin and cryptocurrency users, sharing his findings on X.
Attackers initiate contact with a victim to set up a Zoom or Teams call, during which they impersonate a trusted source using an AI-generated video. They claim audio issues and persuade the victim to install a supposed fix, which in reality installs malware with full access to the system. That access permits theft of Bitcoin and takeover of Telegram accounts, which are then used to target additional victims.
The rise of AI-driven scams has coincided with massive cryptocurrency losses, estimated to hit a record $17 billion in 2025 according to blockchain analytics firm Chainalysis. The figure highlights the increasing sophistication of deceptive techniques such as deepfake videos and voice duplication.
Security researchers at Huntress have linked these attacks to a persistent threat group associated with North Korea, known as TA444 or BlueNoroff, which has focused on cryptocurrency theft since 2017. Experts recommend skepticism when verifying digital content and advocate cryptographic signing to strengthen authenticity and security against these evolving threats.

