North Korean hackers use AI deepfake video calls to attack crypto practitioners

According to Odaily, hacker groups linked to North Korea are continuously upgrading their attack methods targeting crypto industry practitioners, using AI-generated deepfake video calls to impersonate people familiar or trusted by the victims, luring them into installing malicious software. Martin Kuchař, co-founder of BTC Prague, revealed that attackers use compromised Telegram accounts to initiate video calls and, under the pretext of "fixing Zoom audio issues," induce victims to install malicious programs disguised as plugins, thereby gaining full control of the device.

Security research firm Huntress pointed out that this attack pattern is highly consistent with previous operations targeting crypto developers that they have disclosed. The malicious scripts can execute multi-stage infections on macOS devices, including implanting backdoors, recording keystrokes, stealing clipboard content, and crypto wallet assets. Researchers have attributed this series of attacks with high confidence to the North Korean state-sponsored hacker group Lazarus Group (also known as BlueNoroff).

The head of information security at blockchain security company SlowMist stated that such attacks show obvious reuse characteristics across different operations, with targets focused on specific wallets and crypto practitioners. Analysis suggests that as deepfake and voice cloning technologies become more widespread, images and videos are no longer reliable evidence of identity authenticity. The crypto industry needs to remain vigilant and strengthen multi-factor authentication and security protection measures. (decrypt)