Employee at a cryptocurrency foundation deepfake (Jun 2025)

North Korea’s BlueNoroff used AI-generated replicas of company executives in a Zoom call to trick a Web3 worker into downloading a malicious Zoom extension that installed malware on a macOS system. The attack began through a Telegram message that redirected the victim to a fake Zoom site. The malware included keyloggers, information stealers, and remote access tools.