North Korea-linked deepfake Zoom scam infects macOS systems!

AI-generated video and staged Zoom calls used by North Korea-linked BlueNoroff to deliver macOS wallet‑stealing malware

  • Attackers used staged video calls and a fake Zoom “audio fix” to trick macOS users into installing malware.
  • The approach matches a previously documented technique tied to the North Korea-linked group BlueNoroff/Lazarus Group.
  • Compromised Telegram accounts and AI-generated video were used to impersonate trusted contacts during calls on Zoom or Teams.
  • The macOS infection chain installs persistent backdoors, keyloggers, clipboard stealers, and wallet-stealing tools and seeks elevated privileges via repeated password prompts and Rosetta 2 checks.
  • AI-driven impersonation scams contributed to a record $17 billion in crypto losses in 2025, according to data from Chainalysis.

North Korea-linked hackers used staged video calls and a bogus Zoom “audio fix” to deliver macOS malware to cryptocurrency workers, according to a disclosure this week by BTC Prague co-founder Martin Kuchař (Kuchař’s post). Attackers contacted victims via a compromised Telegram account, held a live call, then used an AI-generated video to impersonate a known contact and persuade the victim to install an “audio fix.”

The method mirrors a technique first documented by Huntress in which attackers lure targets into a staged meeting, often using a spoofed Zoom domain and a fake meeting link (Huntress analysis). The supposed fix is actually an AppleScript that begins a multi-stage macOS infection.

Once executed, the script disables shell history, checks for or installs Rosetta 2 on Apple Silicon devices, and repeatedly prompts the user for their system password to gain elevated privileges. The malware chain installs multiple payloads including persistent backdoors, keylogging and clipboard tools, and crypto wallet stealers, then can steal funds and take over accounts.
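
For defenders, the three behaviours listed above can be correlated per session in process telemetry. The following is an added example, not code from the article, Huntress, or Kuchař; the command-line patterns, the `session_id` grouping, and the sample events are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Command-line patterns for the three behaviours the article lists.
# Assumption: illustrative patterns, not published indicators for this campaign.
RULES = {
    "history_disabled": re.compile(
        r"\bunset\s+HISTFILE\b|\bHISTFILE=/dev/null\b|\bHISTSIZE=0\b"),
    "rosetta_install": re.compile(r"\bsoftwareupdate\b.*--install-rosetta\b"),
    "password_prompt": re.compile(
        r"\bosascript\b.*display dialog.*hidden answer", re.I),
}
MIN_PROMPTS = 2  # "repeatedly prompts": a single dialog is not counted

def triage(events):
    """events: (session_id, command_line) pairs.
    Returns {session_id: (verdict, sorted list of behaviours seen)}."""
    counts = defaultdict(Counter)
    for session, cmd in events:
        counts[session].update(n for n, rx in RULES.items() if rx.search(cmd))
    out = {}
    for session, c in counts.items():
        seen = sorted(n for n in c
                      if n != "password_prompt" or c[n] >= MIN_PROMPTS)
        # One behaviour alone is common in benign admin work; two or more
        # in the same session is the combination worth an analyst's time.
        verdict = "alert" if len(seen) >= 2 else "review" if seen else "clean"
        out[session] = (verdict, seen)
    return out

# Constructed sample telemetry (hypothetical sessions, not from a real incident).
PROMPT = "osascript -e 'display dialog \"Password\" default answer \"\" with hidden answer'"
SAMPLE = [
    ("s1", "/bin/zsh -c 'unset HISTFILE; export HISTSIZE=0'"),
    ("s1", "/usr/sbin/softwareupdate --install-rosetta --agree-to-license"),
    ("s1", PROMPT),
    ("s1", PROMPT),
    ("s2", "/usr/sbin/softwareupdate --install-rosetta --agree-to-license"),
    ("s3", "ls -la /Applications"),
]

if __name__ == "__main__":
    for session, (verdict, seen) in triage(SAMPLE).items():
        print(session, verdict, ", ".join(seen) or "-")
```

A Rosetta 2 install on its own (session `s2`) only rates a review, since it is routine on Apple Silicon; it is the combination with history tampering and repeated hidden-answer dialogs that raises an alert.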

Kuchař later said his own Telegram account was compromised and used to target others in the same way. Security researchers attribute these intrusions with high confidence to the threat actor tracked as TA444 or BlueNoroff, which operates under the Lazarus Group umbrella and has focused on crypto theft since at least 2017.

Security experts noted the broader risk from AI impersonation. “The latest attack on Kuchař is ‘possibly’ connected to broader campaigns,” said Shān Zhang of SlowMist. David Liberman added that images and video “can no longer be treated as reliable proof of authenticity,” and urged stronger digital signing and multi-factor authorization. Data shows AI-driven impersonation scams helped push crypto-related losses to about $17 billion in 2025, according to Chainalysis.
