North Korea-Linked Hackers Use Deepfake Video Calls to Target Cryptocurrency Professionals
Cybercrime is taking a concerning turn as hackers linked to North Korea increasingly use artificial intelligence (AI) to orchestrate attacks on crypto industry workers. These attacks, built around AI-generated deepfake video calls, have emerged as a sophisticated way to deceive victims into installing malware, compromising their devices, and stealing digital assets.
The Sophisticated Methodology of the Attack
In a recent case disclosed by BTC Prague co-founder Martin Kuchař, attackers employed a two-stage strategy involving both Telegram and Zoom. Using a hacked Telegram account for initial contact, the hackers convinced their target to join a video call on a platform such as Zoom or Microsoft Teams. The kicker? The person on the video wasn’t real. Instead, AI-generated video footage mimicked a trusted associate of the victim.
Mid-conversation, the attackers falsely claimed an audio issue and persuaded the target to download a plugin or file that supposedly fixed the problem. Once executed, the seemingly harmless file installed malware on the victim’s system. The malware gave the attackers full system access, enabling them to steal high-value cryptocurrency wallets, hijack Telegram accounts for further exploitation, and target new victims in ripple-effect campaigns.
A Recurring Threat Highlighted by Experts
Security researchers, including Huntress and David Liberman, co-creator of decentralized AI compute network Gonka, confirm that this methodology aligns with tactics previously employed by the Lazarus Group. This state-sponsored hacker collective, also known as TA444, has been actively linked to crypto-related cyberattacks since 2017.
The malware, installed under the guise of a Zoom “audio fix,” follows a well-rehearsed sequence. It uses Apple’s Rosetta 2 translation layer to run on macOS devices and harvests user credentials by repeatedly prompting for the administrator password. The end game is a suite of attacks involving keylogging, theft of clipboard content, deployment of backdoors, and siphoning of digital wallets.
Deepfake Technology: The New Face of Cybercrime
Deepfake scams present a growing threat, with technology so advanced that it can replicate familiar faces and voices with chilling accuracy. Shān Zhang, Chief Information Security Officer at blockchain security firm SlowMist, noted that attackers have reused similar malware scripts and consistently targeted crypto wallets, indicating a long-term coordinated campaign.
The financial impact? Staggering. According to Chainalysis, AI-driven scams like these resulted in over $17 billion in cryptocurrency losses in 2025 alone. This sharp increase underlines the importance of staying vigilant and applying hardened security practices at both the individual and organizational levels.
How to Protect Yourself Against This Growing Threat
Combating this threat demands rigorous security practices. Experts recommend the following measures:
- Always verify the identity of contacts on communication platforms like Telegram, Zoom, or Teams.
- Avoid downloading unknown plugins or files, especially from unverified sources.
- Implement multi-factor authentication and encryption for critical funds and sensitive accounts.
- Keep your software updated to ensure security vulnerabilities are patched promptly.
- Invest in advanced antivirus and anti-malware tools such as Norton 360 Premium, which offers real-time protection against threats on macOS and Windows systems.
As cybersecurity expert David Liberman advises, imagery and digital content can no longer serve as reliable proof of authenticity. Instead, cryptographic signatures and multi-factor authentication should be core components of your security framework.
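The advice above, that a face on a video call proves nothing and that a cryptographic check should decide who you are talking to, can be turned into a concrete procedure. The following is an added example, not code from the article or from any of the firms it quotes. It assumes that each trusted contact has previously shared a secret with you in person or over an already-verified channel (a hypothetical setup; the article does not describe one). When someone claiming to be that contact appears on a call, you read them a fresh challenge and they reply with an HMAC tag computed from the shared secret; a deepfake impersonator who hijacked a Telegram account has no secret and cannot produce the tag. The check also rejects replayed and stale responses, and uses only the Python standard library.

```python
"""Challenge-response identity check for a live call (added example).

Assumption, not from the article: every trusted contact shares a secret
with the verifier, established in person or over a verified channel.
The challenge is spoken on the call; the contact computes the tag on
their own device and reads it back.
"""
import hashlib
import hmac
import secrets
import time

MAX_AGE_SECONDS = 120  # responses older than this are rejected


class ContactVerifier:
    def __init__(self, shared_secrets):
        # contact name -> pre-shared secret bytes (hypothetical registry)
        self._secrets = dict(shared_secrets)
        # nonces already accepted, so a recorded answer cannot be replayed
        self._used_nonces = set()

    def issue_challenge(self, now=None):
        """Fresh random nonce plus issue time; the verifier reads it aloud."""
        now = time.time() if now is None else now
        return {"nonce": secrets.token_hex(16), "issued_at": int(now)}

    @staticmethod
    def compute_tag(secret, contact, challenge):
        """What the genuine contact computes on their own device."""
        msg = f"{contact}|{challenge['nonce']}|{challenge['issued_at']}".encode()
        return hmac.new(secret, msg, hashlib.sha256).hexdigest()

    def verify(self, contact, challenge, tag, now=None):
        """True only for a fresh, unreplayed tag made with the contact's secret."""
        now = time.time() if now is None else now
        secret = self._secrets.get(contact)
        if secret is None:
            return False  # nobody by that name was ever enrolled
        age = now - challenge["issued_at"]
        if age < 0 or age > MAX_AGE_SECONDS:
            return False  # stale challenge (or clock skew)
        if challenge["nonce"] in self._used_nonces:
            return False  # replay of an earlier answer
        expected = self.compute_tag(secret, contact, challenge)
        if not hmac.compare_digest(expected, tag):
            return False  # wrong secret: the face on screen proves nothing
        self._used_nonces.add(challenge["nonce"])
        return True


def demo():
    """Walk through the genuine case and the failure modes; returns a dict."""
    alice_secret = secrets.token_bytes(32)  # constructed sample secret
    verifier = ContactVerifier({"alice": alice_secret})
    now = 1_700_000_000  # fixed clock so the run is deterministic
    results = {}

    # 1. The real Alice answers within the window.
    ch = verifier.issue_challenge(now)
    good_tag = verifier.compute_tag(alice_secret, "alice", ch)
    results["genuine"] = verifier.verify("alice", ch, good_tag, now + 5)

    # 2. An attacker who recorded that answer plays it back.
    results["replay"] = verifier.verify("alice", ch, good_tag, now + 10)

    # 3. A deepfake caller with no secret guesses.
    ch2 = verifier.issue_challenge(now)
    fake_tag = ContactVerifier.compute_tag(b"guess", "alice", ch2)
    results["impostor"] = verifier.verify("alice", ch2, fake_tag, now + 5)

    # 4. A correct tag that arrives too late.
    ch3 = verifier.issue_challenge(now)
    late_tag = verifier.compute_tag(alice_secret, "alice", ch3)
    results["expired"] = verifier.verify(
        "alice", ch3, late_tag, now + MAX_AGE_SECONDS + 1)

    # 5. A name that was never enrolled.
    results["unknown_contact"] = verifier.verify("mallory", ch3, late_tag, now + 5)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:16s} -> {'ACCEPT' if accepted else 'REJECT'}")
```

The tag is bound to the contact's name, the nonce and the issue time, so an answer captured on one call is useless on another, and `hmac.compare_digest` keeps the comparison constant-time. The design deliberately makes the video irrelevant: whoever is on screen, the call is trusted only once the secret-holder has answered a challenge nobody has seen before.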
Conclusion: A Digital Landscape Under Siege
The evolving tactics of the Lazarus Group and other state-sponsored cybercriminals underscore the need for vigilance in the crypto world. As attackers grow more sophisticated, combining deepfake technology with advanced malware, users and organizations must adopt equally capable defenses. Staying informed and prepared is key to protecting your assets and minimizing risk in this rapidly evolving digital landscape.