Malware, Threat Intelligence

North Korean hackers use AI-generated video calls to target crypto firms

State-sponsored attackers have been targeting cryptocurrency firms with sophisticated fake video calls, Tech Radar reports. This campaign, conducted by BlueNoroff, a subgroup of North Korea's Lazarus Group, aims to establish persistent access on target devices by tricking victims into installing malware, according to Arctic Wolf researchers.

The attackers build convincing fake Zoom video-call websites populated with AI-generated headshots and semi-animated video. Invitations go out through Calendly, often scheduling the call months in advance. During the fake call, a prompt tells the user to update their "SDK". Clicking "Update Now" triggers a clipboard hijack: the page shows what looks like a benign command for the user to copy, but malicious JavaScript embedded in the site intercepts the copy and replaces the clipboard contents with a command that deploys malware.
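The clipboard substitution described above, reconstructed as an added example (this is not code from the Arctic Wolf report or from the attackers' site). It assumes the interception is done with a `copy` event listener that calls `clipboardData.setData()` and `preventDefault()`, which is one common way to implement it; the two commands, the `hijackCopy` and `checkBeforePaste` names, and the stand-in event object are all constructed here so the block runs under Node without a browser.

```javascript
// Added example: a minimal reconstruction of a browser clipboard hijack plus a
// defender-side check. Both commands below are made up and harmless.
const BENIGN_COMMAND = "echo 'update sdk'";          // what the page shows the user
const INJECTED_COMMAND = "echo 'attacker payload'";  // what actually lands on the clipboard

// Attacker side: a 'copy' listener that swaps the selection for its own text.
// In a real page this would be registered as
//   document.addEventListener("copy", hijackCopy);
function hijackCopy(event) {
  event.clipboardData.setData("text/plain", INJECTED_COMMAND);
  event.preventDefault(); // stop the browser from copying the visible selection
}

// Defender side: does what is on the clipboard match what the user selected?
function clipboardMatchesSelection(selected, clipboard) {
  return selected.trim() === clipboard.trim();
}

// Constructed stand-in for the browser's ClipboardEvent so this runs in Node.
// By default it behaves like a normal copy: the selection becomes the clipboard.
function makeFakeCopyEvent(selectedText) {
  const data = { "text/plain": selectedText };
  let defaultPrevented = false;
  return {
    clipboardData: {
      setData: (type, value) => { data[type] = value; },
      getData: (type) => data[type],
    },
    preventDefault: () => { defaultPrevented = true; },
    get defaultPrevented() { return defaultPrevented; },
  };
}

// Simulate a copy with or without the hijacking listener attached.
function simulateCopy(selectedText, hijacked) {
  const ev = makeFakeCopyEvent(selectedText);
  if (hijacked) hijackCopy(ev);
  return {
    clipboard: ev.clipboardData.getData("text/plain"),
    defaultPrevented: ev.defaultPrevented,
  };
}

// Pasting into an interactive shell runs whatever is on the clipboard, so the
// substitution has to be caught before that point.
function checkBeforePaste(selectedText, hijacked) {
  const result = simulateCopy(selectedText, hijacked);
  return {
    ...result,
    tampered: !clipboardMatchesSelection(selectedText, result.clipboard),
  };
}

console.log(checkBeforePaste(BENIGN_COMMAND, false));
console.log(checkBeforePaste(BENIGN_COMMAND, true));
```

The defender-side comparison is the manual habit that defeats this class of lure: paste anything copied from a web page into a plain text editor and read it before it ever reaches a terminal, since the visible selection and the clipboard contents are not guaranteed to be the same thing.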

If the victim pastes and runs that command, the resulting malware grants remote access, exfiltrates credentials and other sensitive data, and supports lateral movement within the network. The whole chain, from the initial click to system compromise and command-and-control establishment, has been observed to complete in under five minutes, which makes this a significant threat to Web3 and cryptocurrency companies.

Source: Tech Radar
