• Dec 15, 2025

North Korean Scammers Steal Over $300M as Fake Zoom Crypto Hacks Surge

North Korean hackers are targeting cryptocurrency users with fake Zoom meeting scams, with $300 million already stolen.


North Korean hackers are targeting cryptocurrency users with sophisticated fake Zoom meeting scams that have already netted more than $300 million in stolen assets, according to cybersecurity researchers.

The cybersecurity nonprofit Security Alliance (SEAL) has observed multiple attempts per day in which hackers linked to North Korea impersonate trusted contacts on messaging platforms like Telegram, invite victims to a Zoom video call, and then prompt the victim to download malware.

Once the call begins, the victim sees a recording of the trusted contact, taken when that contact was hacked themselves. Public sources like podcasts are also used to make the call appear more convincing.

The hacker then acts as if there is a problem with the audio and sends a file presented as a patch to fix it. If the victim opens the file, it infects their device with malware that can exfiltrate private keys, passwords, and other sensitive data, giving the hackers control over the victim’s cryptocurrency accounts.

After compromising their victim, the attackers terminate the call under the pretext of rescheduling it, leaving victims unaware until their assets are stolen, and giving the hackers access to new victims.

According to cybersecurity expert Taylor Monahan, as quoted by Cointelegraph, anyone who suspects they may have downloaded a malicious file should immediately disconnect affected devices from WiFi, turn them off, transfer digital assets using a separate secure device, update all passwords, enable two-factor authentication, and secure messaging accounts to prevent further abuse.

North Korea is known to use hackers to raise funds for its regime and bypass sanctions.