North Korea’s Lazarus Is Targeting Crypto Executives With Zoom Calls
North Korean crypto hackers are taking phishing scams to new levels. Through GhostCall and GhostHire, they now use AI, hacked footage, and realistic impersonations to infiltrate the Web3 space more effectively than ever before.
North Korean crypto hackers are refining a familiar scam. They once relied on fake job offers and investment pitches to spread malware — now their methods are becoming more sophisticated.
Previously, these attacks depended on victims interacting directly with infected files. But tighter coordination among hacker groups has allowed them to overcome this weakness, using recycled video calls and impersonations of Web3 executives to deceive targets.
North Korea — A Crypto Hacking Pioneer
North Korean crypto hackers are already a global menace, but their infiltration tactics have significantly evolved.
Whereas these criminals used to only seek employment in Web3 firms, they’ve been using fake job offers to spread malware more recently. Now, this plan is expanding again.
According to reports from Kaspersky, a digital security firm, these North Korean crypto hackers are employing new tools.
BlueNoroff APT, a sub-branch of Lazarus Group, the most feared DPRK-based criminal organization, has two such active campaigns. Dubbed GhostCall and GhostHire, both share the same management infrastructure.
Novel Tactics Explained
In GhostCall, these North Korean crypto hackers will target Web3 executives, posing as potential investors. GhostHire, on the other hand, attracts blockchain engineers with tempting job offers. Both tactics have been in use since last month at the latest, but the threat has been increasing.
Whoever the target is, the actual scam is the same: they trick a prospective mark into downloading malware, whether it be a phony “coding challenge” or a clone of Zoom or Microsoft Teams.
Either way, the victim only needs to engage with this trapped platform, at which point the North Korean crypto hackers can compromise their systems.
Kaspersky noted a series of marginal improvements, like focusing on crypto developers’ preferred operating systems. The scams have a common point of failure: the victim has to actually interact with suspicious software.
This has harmed previous scams’ success rate, but these North Korean hackers have found a new way to recycle lost opportunities.
Turning Failures into New Weapons
Specifically, the enhanced coordination between GhostCall and GhostHire has enabled hackers to improve their social engineering. In addition to AI-generated content, they can also use hacked accounts from genuine entrepreneurs or fragments of real video calls to make their scams believable.
One can only imagine how dangerous this is. A crypto executive might cut off contact with a suspicious recruiter or investor, only to have their likeness later weaponized against new victims.
Using AI, hackers can synthesize new “conversations” that mimic a person’s tone, gestures, and surroundings with alarming realism.
Even when these scams fail, the potential damage remains severe. Anyone approached under unusual or high-pressure circumstances should stay vigilant—never download unfamiliar software or engage with requests that seem out of place.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Partisan Stalemate Intensifies: 20% Likelihood of Resolving 35-Day Government Closure
- U.S. government shutdown enters 35th day with 20% chance of ending Nov 4–7 due to partisan funding disputes over healthcare subsidies. - Congressional gridlock disrupts $7B in economic output, delays critical data, and leaves 65,500 firms at risk of $12B payment losses. - Global media like Radio Free Asia faces funding cuts while Fed struggles to assess inflation amid shutdown-related data gaps. - Prediction markets show 33% odds for Nov 8–11 resolution as political analysts warn of growing recession ris
Ethereum News Update: Crypto Whales Employ Flash Loans to Manage Market Fluctuations and Prevent Liquidation
- Ethereum-based whale avoided liquidation by selling 465.4 WBTC/2,686 ETH ($56.52M) to repay flash loans amid Nov 5 market crash. - ETH dropped below $3,400 for first time since June 2024, triggering $1.1B+ in liquidations as 303,000 traders exited leveraged positions. - Similar strategy seen earlier when nemorino.eth sold 8,000 ETH via flash loan to secure $7.58M profit during downturn. - Analysts highlight systemic risks in leveraged trading, noting disciplined deleveraging via flash loans is critical d
Bitcoin slips below $100K as analysts say BTC is set to drop lower: Here’s why
Bitcoin Updates: Crypto Shifts Toward Privacy—Zcash Gains Momentum While Bitcoin Welcomes Institutional Investors
- Zcash's 700% price surge to $388 highlights growing demand for privacy-focused crypto, surpassing Monero with a $6.2B market cap. - Technological upgrades like Zashi wallet's cross-chain swaps and Hyperliquid's $115M ZEC contracts boost Zcash's usability and liquidity. - Analysts like Will Owens frame Zcash as Bitcoin's "spiritual successor," emphasizing cypherpunk principles against institutionalized Bitcoin adoption. - Regulatory risks (EU's 2027 privacy coin ban) and skepticism about rally sustainabil
Trending news
MoreCrypto prices
More
