North Korea Hacks Crypto Firms with AI Deepfakes

The North Korean cyber-espionage group UNC1069 has escalated its social engineering prowess, leveraging AI-generated deepfake videos in a complex campaign to steal from cryptocurrency firms, according to researchers. The intrusion begins with the threat actor impersonating venture capitalists on Telegram to lure victims into a phony Zoom meeting.

Victims are shown a convincing, fake video call interface displaying recorded or deepfake footage to simulate a live participant. Once trust is established, the page displays a bogus error message and prompts the user to run a troubleshooting command.

This “ClickFix” infection vector triggers the deployment of multiple new malware families. For macOS systems, an AppleScript drops a C++ information-gathering tool called WAVESHAPER.

Consequently, this executable distributes further payloads, including the Go-based downloader HYPERCALL. HYPERCALL then serves additional backdoors and stealers like HIDDENCALL and DEEPBREATH.

The Swift-based DEEPBREATH data miner specifically manipulates macOS security to access system credentials and data from browsers like Chrome and applications like Telegram. Meanwhile, the C++ malware CHROMEPUSH is deployed as a malicious browser extension to record keystrokes and extract cookies.

Mandiant analysts noted, “The volume of tooling deployed on a single host indicates a highly determined effort to harvest credentials, browser data, and session tokens to facilitate financial theft.” This campaign marks a significant expansion in the group’s capabilities as it intensifies its focus on the Web3 ecosystem.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Yuan Soars to 15-Month High Amid Shift from US Treasuries
• Crypto Markets Cool Amid CLARITY Act Stalem
• Bithumb Seeks Return of $43B Bitcoin Sent by Mistake
• Bitcoin Hits 2021 Price Levels Amid Fears of Further Drop
• Tokenized Gold Fuels 53% Surge: Market Hits $6.1B