
North Korean hackers continue to refine their social engineering tactics, now leveraging video calls to disseminate malicious software. Posing as venture capital investors, these cybercriminals deceive their targets, coercing them into installing malware under false pretenses. A specialist from Security Alliance recently exposed this emerging fraud technique on social media.
The scheme begins with fraudsters sending invitations for business meetings or investment presentations. During a video call on platforms like Zoom or Google Meet, they play a pre-recorded video simulating technical difficulties, claiming they cannot hear the other party.
At this critical moment, the attackers send their target a link to a fake software update, purportedly to resolve the audio issue. In reality, the file is a malicious payload designed to compromise the victim’s system. This psychological manipulation exploits the urgency of business negotiations, making victims less cautious about clicking the link. Once the so-called “fix” is installed, the system becomes compromised.
This method has already enabled hackers to steal tens of millions of dollars. Moreover, other cybercriminal groups have begun adopting similar techniques, broadening the scope of these attacks.
Following Security Alliance’s revelations, several cryptocurrency investors came forward with accounts of similar incidents. David Zhang, co-founder of Stably, recounted that scammers initially used his legitimate Google Meet session but later insisted on switching links, citing an internal discussion requirement. Zhang joined the call from a tablet and noted that the site resembled Zoom, though he was unsure how the scam would manifest on a desktop device.
Julio Xiloyannis, co-founder of Mon Protocol, also encountered a similar fraud attempt. According to him, cybercriminals tried to lure him and his marketing director with a fabricated partnership proposal. The scammers directed them to another Zoom conference, where audio issues were deliberately staged, followed by a prompt to download a malicious file as a supposed fix.
When a contact suggests switching to a different conference, users are advised to create their own meeting rooms, and to avoid downloading any unknown files.
Beyond impersonating investors, North Korean hackers frequently fabricate identities to infiltrate companies. A common tactic involves posing as job-seeking developers on major recruiting platforms. The funds acquired through these operations ultimately contribute to North Korea’s state budget.