North Korean hackers use AI deepfake video calls to attack crypto professionals
Mars Finance reports that hacker organizations linked to North Korea are continuously upgrading their attack methods against cryptocurrency industry practitioners. They use AI-generated deepfake video calls, impersonating people the victims know or trust, to induce them to install malicious software. Martin Kuchař, co-founder of BTC Prague, revealed that attackers use compromised Telegram accounts to initiate video calls and, under the guise of "fixing Zoom audio issues," trick victims into installing malicious programs disguised as plugins, thereby gaining full control of the device.

The security research firm Huntress pointed out that this attack pattern is highly consistent with operations targeting crypto developers that it had disclosed previously. The malicious scripts can carry out multi-stage infections on macOS devices, including implanting backdoors, recording keystrokes, and stealing clipboard contents and crypto wallet assets. Researchers strongly attribute this series of attacks to the North Korean state-sponsored hacking group Lazarus Group (also known as BlueNoroff). Blockchain security company SlowMist's information security officer stated that such attacks show clear reuse characteristics across different operations, with targets concentrated on specific wallets and crypto industry personnel.

Analysts believe that as deepfake and voice cloning technologies become more widespread, images and videos are no longer reliable indicators of identity authenticity. The crypto industry needs to remain vigilant and strengthen multi-factor authentication and security measures.
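The report describes macOS payloads that persist as backdoors and capture keystrokes and clipboard data. A common way for such payloads to survive a reboot is a launchd agent, so one practical triage step for a crypto practitioner who took a suspicious "audio fix" call is to audit the LaunchAgent and LaunchDaemon plists on the machine. The script below is an added example written for this page; it is not code from Mars Finance, Huntress or SlowMist, and its heuristics (interpreter-as-program, user-writable or hidden staging directories, inline download or decode commands, RunAtLoad with KeepAlive, discarded output) are general persistence red flags chosen by the editor, not indicators published for this campaign. The two embedded plists are constructed sample data.

```python
"""Audit macOS launchd plists for persistence red flags (added example, generic heuristics)."""
from __future__ import annotations

import plistlib
import re
from pathlib import Path
from typing import Iterable

# Heuristic lists are the editor's assumptions, not indicators from the report.
# Scripting interpreters are rarely the *program* of a legitimate vendor agent.
SUSPICIOUS_INTERPRETERS = {"bash", "sh", "zsh", "osascript", "python", "python3", "curl", "node"}
# Temp dirs, Downloads/Caches and hidden directories under a user's home are
# typical staging locations; real vendor agents usually live under /Applications.
SUSPICIOUS_DIR_PATTERN = re.compile(
    r"^(/tmp|/private/tmp|/var/tmp|/Users/[^/]+/(Library/Caches|Downloads|Public|\.[^/]+))"
)
DOWNLOAD_PATTERN = re.compile(r"\b(curl|wget)\b.*https?://")


def classify_plist(data: bytes) -> list[str]:
    """Return human-readable findings for one launchd plist (empty list = nothing flagged)."""
    findings: list[str] = []
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # InvalidFileException, ExpatError, ...
        return [f"unparseable plist: {exc}"]

    args = [str(a) for a in (plist.get("ProgramArguments") or [])]
    if plist.get("Program"):
        args = [str(plist["Program"])] + args
    if not args:
        return ["no Program/ProgramArguments"]

    exe = Path(args[0]).name
    if exe in SUSPICIOUS_INTERPRETERS:
        findings.append(f"interpreter launched at login: {exe}")
    for arg in args:
        if SUSPICIOUS_DIR_PATTERN.match(arg):
            findings.append(f"payload in user-writable staging dir: {arg}")
        if DOWNLOAD_PATTERN.search(arg) or "base64" in arg:
            findings.append(f"inline download/decode in arguments: {arg}")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        findings.append("RunAtLoad+KeepAlive (relaunches if killed)")
    if plist.get("StandardOutPath") == "/dev/null" and plist.get("StandardErrorPath") == "/dev/null":
        findings.append("stdout/stderr discarded")
    return findings


def audit_paths(paths: Iterable[Path]) -> dict[str, list[str]]:
    """Classify every .plist under the given directories; keyed by file path."""
    results: dict[str, list[str]] = {}
    for base in paths:
        if not base.is_dir():
            continue
        for plist_file in sorted(base.glob("*.plist")):
            results[str(plist_file)] = classify_plist(plist_file.read_bytes())
    return results


# Constructed sample data: a plausible vendor updater and a fake "audio fix" agent.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array>
<string>/Applications/Example.app/Contents/MacOS/updater</string><string>--check</string>
</array>
<key>StartInterval</key><integer>3600</integer>
</dict></plist>"""

SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.zoom.audiofix</string>
<key>ProgramArguments</key><array>
<string>/bin/bash</string><string>-c</string><string>/Users/alice/.zoomfix/update.sh</string>
</array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
<key>StandardOutPath</key><string>/dev/null</string>
<key>StandardErrorPath</key><string>/dev/null</string>
</dict></plist>"""

if __name__ == "__main__":
    home = Path.home()
    live = audit_paths([home / "Library/LaunchAgents",
                        Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons")])
    for path, findings in live.items():
        if findings:
            print(path)
            for f in findings:
                print("  -", f)
    # Sample run on the constructed data:
    print("benign sample:", classify_plist(BENIGN_PLIST))
    print("suspicious sample:", classify_plist(SUSPICIOUS_PLIST))
```

Treat the output as a triage list rather than a verdict: some legitimate tools do run shell wrappers from user directories, so confirm each hit by checking the program's code signature (`codesign -dv --verbose=4 <path>`) and its creation time against the time of the suspicious call, and unload anything you cannot account for with `launchctl` before changing wallet keys from a clean device.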