In a troubling development for the cryptocurrency community, North Korean hackers are reportedly employing advanced deepfake technology during live Zoom calls to exploit unsuspecting crypto professionals. This sophisticated tactic aims to deceive developers and industry insiders into installing malware on their systems.
According to Martin Kuchař, co-founder of BTC Prague, these hackers leverage compromised Telegram accounts to initiate contact with potential victims. By impersonating known individuals through deepfake videos, they create a false sense of security among targets. Kuchař himself has fallen victim to this scheme, revealing his experience on social media platform X.
Victims receive calls from what appears to be a trusted contact, only to discover that it is a hijacked account controlled by the attackers. During these calls, the malicious actors remain muted, which serves as a deceptive tactic to hook their targets. The next phase of the attack involves persuading victims to download a file or a plugin that supposedly resolves audio issues. Unbeknownst to the victims, this file typically contains a Remote Access Trojan (RAT), granting the attackers full access to the victim's system.
Once access is obtained, the hackers can view the victim's Telegram contacts and utilize the compromised account to target additional individuals in a similar manner. Kuchař emphasizes the need for vigilance, urging his colleagues to refrain from joining unverified Zoom or Teams calls.
Experts at Huntress, a cybersecurity firm, have noted that this type of attack mirrors previous operations by TA444, a notorious North Korean state-sponsored hacking group that falls under the infamous Lazarus Group umbrella. These actors have reportedly siphoned over $300 million from the cryptocurrency ecosystem using similar tactics, as highlighted by MetaMask security researcher Taylor Monahan.
Monahan has warned that these attackers often delve into previous chat histories to gather information about their victims, which they then exploit to build rapport and trust. The primary targets of these operations are individuals deeply entrenched in the crypto sector, including developers, exchange personnel, and executives.
A notable incident occurred in September of the previous year when a THORchain executive fell victim to a targeted attack, resulting in a loss of approximately $1.3 million as their MetaMask wallet was drained without any alerts or requests for administrative permissions.
This alarming trend underscores the critical need for greater awareness and precautionary measures within the cryptocurrency community to defend against these increasingly sophisticated cyber threats.