Employee at a tech firm deepfake (Jun 2025)

North Korean BlueNoroff group deepfaked company executives in a Zoom call to trick an employee into installing macOS malware. The attackers contacted the target on Telegram, posed as professionals, and used a fake Zoom domain. The deepfake videos featured recognizable senior leadership to add credibility. The victim was tricked into downloading a malicious Zoom extension that installed malware, leading to cryptocurrency theft.