North Korean ‘fake Zoom’ crypto hacks now a daily threat: SEAL

Cybersecurity nonprofit Security Alliance (SEAL) warns they’re now seeing multiple daily attempts by North Korean hackers to scam victims using fake Zoom meetings.

The scam involves tricking victims into downloading malware during a fake Zoom call, which enables hackers to steal sensitive data, including passwords and private keys. Security researcher Taylor Monahan warned that the tactic has already looted over $300 million from users.

How the fake Zoom call scam works

Monahan said the scam starts with a message from a Telegram account of someone known to the victim, who is lulled into a false sense of security due to familiarity. The conversation then leads to an invitation to catch up over Zoom.

“They’ll share a link before the call that is usually masked to look real. There you can see the person + some of their partners/colleagues. These videos are not deepfakes as widely reported. They are real recordings from when they got hacked or public sources (podcasts),” she said.

However, once the call begins, the hackers feign audio issues and send a patch file, which, when opened, infects devices with malware. The hackers then end the sham call under the guise of rescheduling for another day.

“Unfortunately, your computer is already compromised. They just play it cool to prevent detection. They will eventually take all your crypto. And your passwords. And your company/protocol’s shit. And your Telegram account. Then you will go on to rekt all your friends.”

Here’s what to do if you’ve clicked the malware link

Monahan warns that anyone who has clicked on a link shared during a suspicious Zoom call should immediately disconnect from WiFi and turn off the affected device.

Then, use another device to transfer crypto to new wallets, change all passwords, activate two-factor authentication where possible, and perform a full memory wipe on the infected device before using it again.

She also stresses it’s “critical” to secure Telegram accounts to prevent the bad actors from gaining control by opening on a phone, going into settings, devices, terminating all other sessions, changing the password and adding or updating multifactor authentication.

Monahan said the hackers are gaining control of Telegram accounts and using the stored contacts to find and scam new victims.

“Lastly, if they hack your telegram, you need to TELL EVERYONE ASAP. You are about hack your friends. Please put your pride aside and SCREAM about it.”