Security Alliance: North Korean hackers' "fake Zoom" software attacks have become a daily threat, stealing over $300 million in assets

The cybersecurity nonprofit organization Security Alliance warns that they are currently discovering multiple scam attempts initiated by North Korean hackers every day, with these attacks luring victims through fake Zoom meetings.

The scam technique involves inducing victims to download malware during a "fake Zoom call," thereby stealing sensitive information, including passwords and private keys. Security researcher Taylor Monahan warns that this tactic has siphoned off over $300 million in assets from users.

The scam typically begins with a message sent from a Telegram account, which often belongs to someone the victim "knows." Due to the familiar identity, the victim lets their guard down. The conversation then naturally transitions to an invitation to "catch up over Zoom." Once the call starts, the hacker pretends to encounter audio issues and sends a so-called "patch file." When the victim opens the file, malware is implanted on their device. The hacker then ends the fake call under the pretense of "rescheduling for another day."