Web3 employee deepfake (Jun 2025)

North Korea-aligned BlueNoroff used deepfake Zoom calls of company executives to trick a Web3 employee into installing malware on their macOS device. The employee was contacted via Telegram and a Calendly link which redirected to a fake Zoom domain. During the Zoom call, deepfakes of senior leadership urged the employee to install a malicious Zoom extension due to microphone issues, leading to the installation of malware.