North Korea–Linked Hackers Use Deepfake Video Calls to Target Crypto Workers

The post North Korea–Linked Hackers Use Deepfake Video Calls to Target Crypto Workers appeared on BitcoinEthereumNews.com.

In brief Attackers have used a fake video call and a Zoom “audio fix” to deliver macOS malware. The method matches a previously documented intrusion method tied to North Korea’s BlueNoroff, a Lazarus sub-group. The incident comes as AI-driven impersonation scams pushed crypto losses to a record $17 billion in 2025. North Korea-linked hackers continue to use live video calls, including AI-generated deepfakes, to trick crypto developers and workers into installing malicious software on their own devices. In the latest instance disclosed by BTC Prague co-founder Martin Kuchař, attackers used a compromised Telegram account and a staged video call to push malware disguised as a Zoom audio fix, he said. The “high-level hacking campaign” appears to be “targeting Bitcoin and crypto users,” Kuchař disclosed Thursday on X.  Attackers contact the victim and set up a Zoom or Teams call, Kuchař explained. During the call, they use an AI-generated video to appear as someone the victim knows. They then claim there is an audio problem and ask the victim to install a plugin or file to fix it. Once installed, the malware grants attackers full system access, allowing them to steal Bitcoin, take over Telegram accounts, and use those accounts to target others. It comes as AI-driven impersonation scams have pushed crypto-related losses to a record $17 billion in 2025, with attackers increasingly using deepfake video, voice cloning, and fake identities to deceive victims and gain access to funds, according to data from blockchain analytics firm Chainalysis. Similar attacks The attack, as described by Kuchař, closely matches a technique first documented by cybersecurity company Huntress, which reported in July last year that these attackers lure a target crypto worker into a staged Zoom call after initial contact on Telegram, often using a fake meeting link hosted on a spoofed Zoom…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ January 27, 2026 2:27 am