{"id":20688,"date":"2026-01-27T07:59:55","date_gmt":"2026-01-27T07:59:55","guid":{"rendered":"https:\/\/bitunikey.com\/news\/north-korean-hackers-use-deepfake-zoom-calls-to-target-crypto-professionals\/"},"modified":"2026-01-27T08:00:19","modified_gmt":"2026-01-27T08:00:19","slug":"north-korean-hackers-use-deepfake-zoom-calls-to-target-crypto-professionals","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/north-korean-hackers-use-deepfake-zoom-calls-to-target-crypto-professionals\/","title":{"rendered":"North Korean hackers use deepfake Zoom calls to target crypto professionals"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">North Korean threat actors are once again targeting cryptocurrency developers and professionals using live video calls on Zoom to dupe them into installing malware.<\/p>\n<div id=\"cn-block-summary-block_573e0ac6809a28025fce202138ccd4ff\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>North Korean hackers are using deepfake video calls and compromised Telegram accounts to deliver malware targeting crypto professionals.<\/li>\n<li>Over $300 million has been stolen using similar tactics.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>Hackers based in North Korea are using compromised Telegram accounts and deepfake AI videos to impersonate known contacts and deliver malicious payloads, according to BTC Prague co-founder Martin Kucha\u0159.<\/p>\n<p>\u201cA high-level hacking campaign is currently targeting Bitcoin and crypto users. 
I have been personally affected via a compromised Telegram account,\u201d Kucha\u0159 <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/kucharmartin_\/status\/2014268846094311739?s=20\">wrote on X<\/a>.<\/p>\n<p>According to his post, victims get a call from a known contact, which is in fact a hijacked Telegram account controlled by attackers. On these live calls, the attackers use deepfake technology to pose as the victim\u2019s friend, all while staying muted.<\/p>\n<p>This silence acts as the hook: the next stage of the attack involves convincing the victim to install a plugin or a file that claims to fix audio issues. In reality, the file houses malware, often a Remote Access Trojan, that grants attackers full system access once executed.<\/p>\n<p>Once they have access, attackers can view all of the victim\u2019s Telegram contacts and reuse the compromised account to reach out to the next victim in the same manner.<\/p>\n<p>\u201cInform your colleagues and network immediately. 
Do not join any unverified Zoom\/Teams calls,\u201d Kucha\u0159 added.<\/p>\n<p>Security researchers at cybersecurity company Huntress have <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.huntress.com\/blog\/inside-bluenoroff-web3-intrusion-analysis\">observed<\/a> that similar attacks have been launched by TA444, a North Korean state-sponsored threat group that operates under the notorious Lazarus Group.<\/p>\n<h1 class=\"wp-block-heading\">North Korean hackers have drained over $300m<\/h1>\n<p>The attack vector is not new: North Korean hackers have already stolen over $300 million using similar techniques, MetaMask security researcher Taylor Monahan warned last month.<\/p>\n<p>Monahan warned that attackers often mine previous chat history to learn more about their victims, then use that knowledge to gain their trust.<\/p>\n<p>The most common targets are those deeply embedded in the crypto space, including developers, exchange staff, and company executives. In one example from September last year, a targeted attack against a THORChain executive led to losses of around $1.3 million after a MetaMask wallet was drained without any system prompts or requests for administrator approval.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>North Korean threat actors are once again targeting cryptocurrency developers and professionals using live video calls on Zoom to dupe them into installing malware. 
Summary North Korean hackers are using&hellip;<\/p>\n","protected":false},"author":1,"featured_media":20689,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-20688","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/20688","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=20688"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/20688\/revisions"}],"predecessor-version":[{"id":20690,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/20688\/revisions\/20690"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/20689"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=20688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=20688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=20688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}