North Korea–linked hackers target crypto professionals with deepfake video calls
Attackers impersonate trusted contacts during video calls and persuade victims to install malware disguised as a technical fix
27.01.2026 - 10:05
Key points:
- Attacks are carried out via video calls using AI-generated deepfakes.
- Victims are tricked into installing a malicious file posing as an “audio fix.”
- Losses from AI-driven crypto scams reached $17 billion in 2025.
Hackers linked to North Korea continue to target crypto developers and employees using video calls powered by AI-generated deepfakes. During these calls, attackers impersonate familiar or trusted contacts and persuade victims to install malicious software on their devices.
The latest incident was reported by BTC Prague co-founder Martin Kucharz. According to him, the attack began with a compromised Telegram account, after which the victim was invited to join a video call on Zoom or Microsoft Teams.
How the scheme works
During the call, attackers play a pre-recorded AI-generated video that convincingly mimics a real person. They then claim there are audio issues and suggest installing a file or plugin to “fix” the problem.
In reality, the file contains macOS malware. Once installed, it requests elevated permissions, allowing attackers to steal cryptocurrency, harvest credentials and take control of the victim’s messaging apps.
Technical details
After installation, the malicious file alters system settings and repeatedly prompts the user for an administrator password. This grants the attackers full control over the device. As a result, spyware, keyloggers and wallet-draining tools are deployed to monitor activity and steal funds.
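The behavioural chain the two sections above describe (a video call, a file installed during or shortly after it, then repeated administrator-password prompts and changed system settings) is something an endpoint team can look for. The following is an added example written for this article, not code from the reporter or from any vendor: a small detector run over a constructed event stream. The event schema, the field names, the process names for the conferencing apps and the thresholds are all assumptions chosen for the example, not a real macOS log format.

```python
"""Flag a process that, soon after a video call starts, is launched from a
user-writable path and then repeatedly asks for an administrator password.

Added example for this article. The event tuples, process names and
thresholds below are constructed assumptions, not a real log schema.
"""
from datetime import datetime, timedelta

# Assumed process names for the conferencing apps the article mentions.
CONFERENCING_APPS = {"zoom.us", "Microsoft Teams"}
# Paths a user (or a downloaded file) can write to without admin rights.
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/")
PROMPT_THRESHOLD = 3                  # prompts before we raise an alert
PROMPT_WINDOW = timedelta(minutes=5)  # prompts must fall inside this window
CALL_WINDOW = timedelta(minutes=30)   # launch must follow a call start by <= this

# Constructed sample events: (ISO timestamp, event type, process, detail).
SAMPLE_EVENTS = [
    ("2026-01-20T10:00:00", "app_launch",    "zoom.us",    ""),
    ("2026-01-20T10:08:10", "app_launch",    "audio_fix",  "/Users/dev/Downloads/audio_fix.app"),
    ("2026-01-20T10:08:15", "auth_prompt",   "audio_fix",  "admin password"),
    ("2026-01-20T10:08:40", "auth_prompt",   "audio_fix",  "admin password"),
    ("2026-01-20T10:09:05", "config_change", "audio_fix",  "privacy setting modified"),
    ("2026-01-20T10:09:30", "auth_prompt",   "audio_fix",  "admin password"),
    # Benign noise: a system installer prompting once from a system path.
    ("2026-01-20T10:20:00", "app_launch",    "Installer",  "/System/Library/CoreServices/Installer.app"),
    ("2026-01-20T10:20:30", "auth_prompt",   "Installer",  "admin password"),
    # Benign noise: a user-path app that prompts only once.
    ("2026-01-20T10:25:00", "app_launch",    "notes-sync", "/Users/dev/Downloads/notes-sync.app"),
    ("2026-01-20T10:25:10", "auth_prompt",   "notes-sync", "admin password"),
]


def detect(events):
    """Return a list of alert dicts for processes matching the chain."""
    last_call_start = None   # when the most recent conferencing app launched
    launches = {}            # process -> (launch time, path it ran from)
    prompts = {}             # process -> recent prompt times inside PROMPT_WINDOW
    settings_changed = set() # processes that altered a system setting
    alerts = []

    # ISO-8601 timestamps sort correctly as strings.
    for ts, kind, proc, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "app_launch" and proc in CONFERENCING_APPS:
            last_call_start = t
        elif kind == "app_launch":
            launches[proc] = (t, detail)
        elif kind == "config_change":
            settings_changed.add(proc)
        elif kind == "auth_prompt":
            recent = [x for x in prompts.get(proc, []) if t - x <= PROMPT_WINDOW]
            recent.append(t)
            prompts[proc] = recent
            launch = launches.get(proc)
            if launch is None:
                continue
            launch_time, path = launch
            near_call = (
                last_call_start is not None
                and last_call_start <= launch_time <= last_call_start + CALL_WINDOW
            )
            from_user_path = path.startswith(USER_WRITABLE)
            if len(recent) >= PROMPT_THRESHOLD and from_user_path and near_call:
                alerts.append({
                    "process": proc,
                    "path": path,
                    "prompts": len(recent),
                    "changed_settings": proc in settings_changed,
                    "minutes_after_call_start": int((launch_time - last_call_start).seconds // 60),
                })
                prompts[proc] = []  # reset so one burst yields one alert
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The three conditions are deliberately combined rather than used alone: a single password prompt from a user-path app is routine, and so is a call, but a burst of prompts from something launched out of Downloads minutes into a meeting is the shape of the incident described here. The `changed_settings` flag is carried into the alert so an analyst can see the "alters system settings" step without a second query.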
Similar techniques have previously been documented by security researchers and linked to the TA444 group, also known as BlueNoroff, a Lazarus Group subgroup focused on the crypto industry.
Analysts estimate that losses from scams involving deepfakes, fake identities and voice cloning hit a record $17 billion in 2025. Experts warn that visual and audio cues can no longer be treated as reliable proof of authenticity, as these attacks are becoming increasingly standardized and scalable.