Kripto Al Piyasalar Spot Vadeli İşlemler500X Birikim Etkinlikler

Daha Fazla

ELIZAOS Etkinliği2000g

North Korean hackers hijack Telegram, stage fake Zoom calls and deploy RAT malware to drain crypto wallets in a $300m long‑con campaign. North Korean cyber criminalsNorth Korean hackers hijack Telegram, stage fake Zoom calls and deploy RAT malware to drain crypto wallets in a $300m long‑con campaign. North Korean cyber criminals

North Korean ‘fake Zoom’ hustle drains $300m from crypto execs’ wallets

Yazar: Crypto.news

Kaynak: Crypto.news

2025/12/15 19:16

Paylaş

LONG$0.00831+51.69%

CYBER$0.7089-0.56%

North Korean hackers hijack Telegram, stage fake Zoom calls and deploy RAT malware to drain crypto wallets in a $300m long‑con campaign.

Summary

Attackers hijack trusted Telegram accounts, then lure crypto executives into fake Zoom or Teams calls using spoofed calendar invites.
Pre‑recorded video of known industry figures masks RAT‑laden “patch” files that give hackers full system control and wallet access.
The scheme forms part of North Korea’s wider campaign that has stolen over $2 billion in crypto, including the record Bybit breach.

North Korean cyber criminals have stolen over $300 million through a sophisticated social engineering campaign that impersonates trusted industry figures in fake video meetings, according to a security alert issued by MetaMask security researcher Taylor Monahan.

North Korean hackers go ‘long con’

The scheme, described as a “long con” operation, targets cryptocurrency executives through compromised communication channels, Monahan stated in the alert.

The attack begins when hackers gain control of a trusted Telegram account, typically belonging to a venture capitalist or conference contact known to the victim, according to the researcher. Attackers exploit previous chat history to establish legitimacy before directing victims to video calls on Zoom or Microsoft Teams through disguised calendar links.

During the meeting, victims view what appears to be a live video feed of their contact. The feed is often a recycled recording from a podcast or public appearance, according to the alert.

The attack culminates when the impersonator simulates a technical problem. After citing audio or video issues, the attacker instructs the victim to download a specific script or update a software development kit. The file contains malicious software, the researcher reported.

Once installed, the malware—often a Remote Access Trojan (RAT)—grants attackers complete system control, according to the alert. The RAT drains cryptocurrency wallets and extracts sensitive data, including internal security protocols and Telegram session tokens, which are then used to target additional victims in the network.

Monahan stated that the operation “weaponizes professional courtesy,” exploiting the psychological pressure of business meetings to induce errors in judgment. The researcher advised that any request to download software during a call should be considered an active attack signal.

The fake meeting strategy forms part of a broader campaign by North Korean actors, who have stolen an estimated $2 billion from the cryptocurrency industry over the past year, including the Bybit breach, according to industry reports.

Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen [email protected] ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.