North Korean Hackers Steal $300 Million Through Fake Zoom Meeting Scam

TLDR

• North Korean hackers are stealing crypto through fake Zoom and Microsoft Teams meetings, with over $300 million taken so far
• Scammers hijack Telegram accounts of trusted contacts and use real video recordings to appear legitimate during calls
• Victims are tricked into downloading malware after hackers fake technical issues and request software patches
• The malware gives hackers full control to drain crypto wallets, steal passwords, and take over Telegram accounts to target more victims
• Anyone who clicks suspicious links should disconnect WiFi immediately, transfer crypto to new wallets, and wipe their device

North Korean hackers have stolen over $300 million from crypto users through a fake video meeting scam. The warning comes from Security Alliance (SEAL), a cybersecurity nonprofit that now sees multiple daily attempts of this attack.

Security researcher Taylor Monahan says the scam targets crypto executives and industry professionals. The hackers use fake Zoom and Microsoft Teams meetings to trick victims into downloading malware.

The attack begins when hackers take control of a Telegram account belonging to someone the victim knows. This could be a venture capitalist or someone they met at a conference. The hackers use the existing chat history to appear legitimate.

The compromised contact then invites the victim to a video call. They share a link that looks real, often through a fake Calendly page. When the call starts, the victim sees what appears to be their contact on video.

However, the video feed is not a deepfake as many reports claim. Monahan explains that hackers use real recordings from podcasts or previous hacked meetings. They simply loop this footage during the fake call.

The Critical Moment

During the call, the attacker pretends to have audio or video problems. They then ask the victim to download a patch file or update a software development kit to fix the issue. This file contains malware that infects the victim’s device.

Once installed, the malware is typically a Remote Access Trojan (RAT). This gives hackers complete control over the victim’s computer. They can access crypto wallets, passwords, and company information.

The hackers don’t steal everything right away. They end the call casually and claim they will reschedule. This prevents the victim from realizing they have been compromised until it is too late.

What Happens After Infection

The malware eventually drains all cryptocurrency from the victim’s wallets. It also steals passwords and takes over the victim’s Telegram account. The hackers then use this account to target the victim’s contacts with the same scam.

Monahan warns that anyone who clicks a suspicious link during a Zoom call should act immediately. First, disconnect from WiFi and turn off the infected device. Then use another device to transfer crypto to new wallets.

Recovery Steps

Victims should change all passwords and activate two-factor authentication on all accounts. They must perform a full memory wipe on the infected device before using it again. Securing the Telegram account is critical to stop the spread.

To secure Telegram, open the app on a phone and go to settings. Navigate to devices and terminate all other sessions. Change the password and add or update multifactor authentication.

Monahan stresses that victims must tell everyone if their Telegram gets hacked. The compromised account will be used to scam friends and contacts. She says people need to put pride aside and warn others immediately.

The fake meeting scam is part of a larger offensive by North Korean actors. They have stolen an estimated $2 billion from the crypto sector over the past year. This includes the recent Bybit breach.

Security researchers now consider any request to download software during a live call as an active attack signal. The scam weaponizes professional courtesy and business meeting pressure to force security lapses.

SEAL reports they are seeing multiple attempts of this scam every day. The hackers continue to refine their methods and target new victims across the crypto industry.

The post North Korean Hackers Steal $300 Million Through Fake Zoom Meeting Scam appeared first on CoinCentral.