North Korea-linked hackers are using AI-generated video calls to impersonate trusted contacts and deliver malware to crypto workers.
The attacks involve staged Zoom or Teams calls where victims are urged to install a fake audio fix that deploys malicious software.
BTC Prague co-founder Martin Kuchař said attackers used a compromised Telegram account and a fake video call to target him.
“The high-level hacking campaign is targeting Bitcoin and crypto users,”
Martin Kuchař said.
Once installed, the malware grants full system access, allowing attackers to steal Bitcoin and hijack messaging accounts.
Security researchers said the technique closely matches methods tied to BlueNoroff, a subgroup of North Korea’s Lazarus Group.
The campaign uses multi-stage macOS malware capable of installing backdoors, keyloggers and crypto wallet stealers.
Researchers said attackers rely on social engineering and familiar communication patterns to lower victims’ defences.
AI-driven impersonation scams pushed crypto-related losses to a record $17 billion in 2025, according to industry data.
Experts warned that images and video can no longer be trusted as proof of identity without cryptographic verification.
At the time of reporting, Bitcoin price was $88,554.33.