North Korean hackers use AI deepfake video calls to attack crypto professionals

Odaily Planet Daily reports that hacker groups linked to North Korea are continuously upgrading their attack methods against cryptocurrency industry professionals. They use AI-generated deepfake video calls, impersonating familiar or trusted individuals of the victims to induce them to install malware. Martin Kuchař, co-founder of BTC Prague, revealed that attackers utilize compromised Telegram accounts to initiate video calls and, under the guise of “fixing Zoom audio issues,” trick victims into installing malicious programs disguised as plugins, gaining full control of the device.

Security research firm Huntress pointed out that this attack pattern is highly consistent with their previous disclosures of operations targeting crypto developers. The malicious scripts can perform multi-stage infections on macOS devices, including implanting backdoors, recording keystrokes, stealing clipboard contents, and crypto wallet assets. Researchers strongly attribute this series of attacks to the North Korean state-sponsored hacker group Lazarus Group (also known as BlueNoroff).

Information security head at blockchain security company SlowMist stated that such attacks show clear reuse characteristics across different operations, with targets concentrated on specific wallets and crypto industry personnel. Analysts believe that as deepfake and voice cloning technologies become more widespread, images and videos are no longer reliable indicators of identity authenticity. The crypto industry needs to remain vigilant and strengthen multi-factor authentication and security measures. (decrypt)