The post Inside North Korea’s New Deepfake Crypto Scam appeared on BitcoinEthereumNews.com.

Inside North Korea’s New Deepfake Crypto Scam

2025/10/29 07:08

North Korean crypto hackers are refining a familiar scam. They once relied on fake job offers and investment pitches to spread malware — now their methods are becoming more sophisticated.

Previously, these attacks depended on victims interacting directly with infected files. But tighter coordination among hacker groups has allowed them to overcome this weakness, using recycled video calls and impersonations of Web3 executives to deceive targets.

North Korea — A Crypto Hacking Pioneer

North Korean crypto hackers are already a global menace, but their infiltration tactics have significantly evolved.

Whereas these criminals used to seek only employment in Web3 firms, they have more recently been using fake job offers to spread malware. Now, this plan is expanding again.

According to reports from Kaspersky, a digital security firm, these North Korean crypto hackers are employing new tools.

BlueNoroff APT, a sub-branch of Lazarus Group, the most feared DPRK-based criminal organization, has two such active campaigns. Dubbed GhostCall and GhostHire, both share the same management infrastructure.

Novel Tactics Explained

In GhostCall, these North Korean crypto hackers will target Web3 executives, posing as potential investors. GhostHire, on the other hand, attracts blockchain engineers with tempting job offers. Both tactics have been in use since last month at the latest, but the threat has been increasing.

Whoever the target is, the actual scam is the same: they trick a prospective mark into downloading malware, whether it be a phony “coding challenge” or a clone of Zoom or Microsoft Teams.

Either way, the victim only needs to engage with this trapped platform, at which point the North Korean crypto hackers can compromise their systems.

Kaspersky noted a series of marginal improvements, like focusing on crypto developers’ preferred operating systems. The scams have a common point of failure: the victim has to actually interact with suspicious software.

This has harmed previous scams’ success rate, but these North Korean hackers have found a new way to recycle lost opportunities.

Turning Failures into New Weapons

Specifically, the enhanced coordination between GhostCall and GhostHire has enabled hackers to improve their social engineering. In addition to AI-generated content, they can also use hacked accounts from genuine entrepreneurs or fragments of real video calls to make their scams believable.

One can only imagine how dangerous this is. A crypto executive might cut off contact with a suspicious recruiter or investor, only to have their likeness later weaponized against new victims.

Using AI, hackers can synthesize new “conversations” that mimic a person’s tone, gestures, and surroundings with alarming realism.

Even when these scams fail, the potential damage remains severe. Anyone approached under unusual or high-pressure circumstances should stay vigilant—never download unfamiliar software or engage with requests that seem out of place.

Source: https://beincrypto.com/north-korea-deepfake-crypto-scam-lazarus/
