North Korean ‘Fake Zoom’ Crypto Scams: A Persistent and Evolving Threat

By: crypto insight | 2025/12/15 18:00:09

Key Takeaways

  • North Korean hackers are running these attacks daily, using fraudulent Zoom calls to trick victims into downloading malware.
  • Financial losses from these scams now exceed $300 million, as the attackers exploit victims' trust in contacts they already know.
  • If malware is downloaded during a phishing Zoom call, act immediately: disconnect the device, move crypto assets to fresh wallets from a clean device, and lock down accounts.
  • Understanding how these scams operate, and verifying unexpected requests out of band, reduces the risk to funds and sensitive data.

WEEX Crypto News, 2025-12-15 09:47:08

As digital communication becomes an integral part of everyday life, it opens new avenues for cybercriminals. In recent months a particularly insidious method of attack has gained traction, executed predominantly by North Korean hackers. These operators use fake Zoom calls to get malware onto victims' devices and steal sensitive data, including financial information and cryptocurrency assets.

The Rise of Fake Zoom Scams

The tactics employed by these North Korean operatives involve meticulous planning and execution, capitalizing on the familiarity and trust often established through digital communication platforms like Zoom. The cybersecurity nonprofit organization, Security Alliance (SEAL), has sounded the alarm on a troubling trend: the frequency and success rate of these scams are rapidly increasing, with hackers stealing over $300 million to date.

How the Scheme Unfolds

Security researcher Taylor Monahan has described the mechanics of these scams. They typically begin with a seemingly innocuous Telegram message from a person the victim already knows. That familiarity is calculated: it lowers the victim's guard and creates a false sense of security. Unbeknownst to the victim, the contact's Telegram account has usually already been taken over by the attackers, who are writing under the contact's identity.

The initial contact quickly progresses to an invitation to a Zoom meeting. Before the meeting, a link is shared with the promise of making the connection go smoothly. The link is dressed up to look legitimate but points at a domain the attackers control rather than Zoom's own, and it is their gateway onto the victim's device.

When the meeting ensues, it often includes recordings of familiar faces and voices, sometimes compiled from previous attacks or publicly available resources like podcasts. The authenticity of these recordings adds another layer of credibility to the deceit. During the call, the hackers feign technical difficulties, such as audio issues, and suggest the download of a bogus patch file to rectify these problems.

This "patch" is a trojan: once downloaded and executed, it installs malware that compromises the device. The malware harvests passwords, browser session data, and wallet private keys or seed phrases, and with those in hand the attackers drain any cryptocurrency the victim holds.

Real Threats, Real Damages

The operations carried out under this scheme have caused significant financial damage. With over $300 million already stolen, the scope of the campaign is vast. Stolen crypto assets are notoriously difficult to recover because blockchain transactions are irreversible and the receiving addresses are pseudonymous, with no central authority able to claw funds back.

The frequency of these attacks is alarming, with SEAL reporting daily occurrences of such scams. This consistent threat demands attention from both individuals and organizations who rely heavily on digital communications for professional and personal interactions.

Protective Measures and Damage Control

If a user does fall prey to such a scam, immediate action is imperative. Monahan advises victims to disconnect the compromised device from the network (Wi-Fi and Ethernet) and shut it down to stop further exfiltration. From a different, clean device, users should immediately move their cryptocurrency to new wallets with freshly generated seed phrases; a seed phrase that was ever present on the infected machine must be treated as stolen and never reused.

It is also crucial, again from the clean device, to change passwords on all accounts, revoke existing sessions, and enable two-factor authentication wherever possible. Before the infected device is returned to regular use, its storage should be wiped and the operating system reinstalled from trusted media; cleaning up individual files is not enough to rule out residual malware.

Part of the attackers' strategy is to commandeer the victim's Telegram account and use its contact list to find the next round of victims. To counter this, users must lock down their Telegram accounts: open the account on a trusted mobile device, terminate every other active session under Settings > Devices, set or rotate the two-step verification password, and confirm that the recovery email is one the attacker cannot reach.

The Importance of Vigilance and Education

The battle against cyber threats such as the fake Zoom call scam is ongoing and multifaceted. Understanding the intricacies of these attacks and implementing robust security protocols can significantly mitigate the risks. Online education initiatives and enhanced awareness campaigns play a crucial role in equipping individuals and organizations with the knowledge they need to protect themselves effectively.

Furthermore, any suspicious or unexpected contact, even from familiar individuals, should be scrutinized rigorously. Verification through alternative communication channels can help ascertain the authenticity of such interactions. As cybersecurity threats continue to evolve, maintaining a heightened level of vigilance is imperative.

The Role of Platforms and Cryptocurrency Exchanges

Platforms that facilitate digital communication and cryptocurrency exchanges have a part to play in safeguarding their users. By employing advanced threat detection mechanisms, these platforms can identify and neutralize fraudulent activities more effectively. They can also provide users with educational resources about potential scams and relevant preventive measures.

Cryptocurrency exchanges and wallets need to implement policies that protect their users against the fallout from malware attacks. This may include introducing stronger verification processes, offering insurance coverage for assets stolen through hacking, or providing users with immediate assistance and guidance on securing their funds.

Weaving Stronger Protections into Digital Communication

As individuals increasingly rely on services like Zoom for both personal and professional interactions, the platforms themselves must ensure their security frameworks are robust and constantly evolving to counter new threats. This includes adopting measures that detect and block known malicious actors and empowering users to report suspicious activity swiftly.

For financial services and cryptocurrency platforms, integrating comprehensive cybersecurity protocols goes beyond protecting user data—it’s about preserving trust in digital finance ecosystems. By fostering a culture of security-first prioritization, these institutions can strengthen the resilience of their infrastructures against cyberattacks.


Building a Secure Digital Future

To combat these scams effectively, a cooperative effort among individuals, cybersecurity experts, and digital platforms is essential. Concerted efforts in education, awareness building, and security infrastructure development can disrupt the cycle of cyber scams and their detrimental impacts.

Research and collaboration in cybersecurity advancement must also continue unabated. By staying ahead of hacking groups’ adaptive tactics, stakeholders in the digital communication and financial sectors can significantly diminish the potential for widespread harm.

Moreover, encouraging routine cybersecurity practices among everyday users will play a crucial role in establishing a safer online environment. Initiatives to educate users on recognizing phishing attempts and the critical steps to take if targeted can help reduce susceptibility to such threats.

As we look to build a secure digital future, incorporating cutting-edge technological solutions alongside timeless vigilance practices will serve as the bedrock of a resilient and secure cyber landscape.

FAQ

How can I identify a fake Zoom scam attempt?

A fake Zoom scam usually begins with an unexpected meeting invitation from a known contact, typically over Telegram. The request may seem legitimate, but the link does not belong to Zoom's official domains (for example it uses a lookalike hostname that merely contains the word "zoom"), or it points at a file to download rather than a meeting. Skepticism toward out-of-character requests for a call, and confirming the request over a second channel such as a phone call, will catch most attempts.
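The domain check above can be automated. The following Python checker is an added example, not code from the article or from SEAL; it parses a meeting link and flags the tell-tale signs of a lookalike: a host that is not zoom.us or a subdomain of it, credentials placed before an "@" to hide the real host, punycode hostnames, a non-HTTPS scheme, and links that end in an installer or archive extension. The allowlist of Zoom domains and the list of download extensions are assumptions to maintain yourself; the sample links in the usage are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: Zoom's meeting links live on zoom.us and its subdomains.
# Extend this tuple if your organisation also uses a vanity Zoom domain.
ZOOM_DOMAINS = ("zoom.us",)

# Assumption: a meeting link never points at an installer, script or archive.
DOWNLOAD_SUFFIXES = (".dmg", ".pkg", ".exe", ".msi", ".zip", ".scpt", ".js", ".jar")


def _on_allowed_domain(host, allowed):
    """True for the domain itself or any subdomain; never a substring match."""
    return host == allowed or host.endswith("." + allowed)


def check_meeting_link(url):
    """Return ('ok', []) or ('suspicious', [reasons...]) for a shared link."""
    reasons = []
    parts = urlsplit(url.strip())

    scheme = parts.scheme.lower()
    if scheme != "https":
        reasons.append(f"unexpected scheme {scheme!r}")

    # urlsplit separates user:pass@host, so 'https://zoom.us@evil.example/'
    # yields hostname 'evil.example' and username 'zoom.us'.
    if parts.username or parts.password:
        reasons.append("credentials before '@' hide the real host")

    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        reasons.append("no hostname")
    else:
        if host.startswith("xn--") or ".xn--" in host:
            reasons.append("punycode (IDN) hostname, possible homograph")
        if not any(_on_allowed_domain(host, d) for d in ZOOM_DOMAINS):
            reasons.append(f"host {host!r} is not a Zoom domain")
            if "zoom" in host:
                reasons.append("hostname imitates Zoom")

    if parts.path.lower().endswith(DOWNLOAD_SUFFIXES):
        reasons.append("link points at a downloadable file, not a meeting")

    return ("suspicious" if reasons else "ok"), reasons


if __name__ == "__main__":
    # Constructed sample links, not real indicators.
    samples = [
        "https://us02web.zoom.us/j/1234567890?pwd=abc",
        "https://us02web.zoom.us.join-meeting.net/j/999",
        "https://zoom.us@evil.example/j/123",
        "http://zoom.us/j/123",
        "https://cdn.example/zoom-audio-patch.pkg",
    ]
    for link in samples:
        verdict, why = check_meeting_link(link)
        print(f"{verdict:10} {link}  {'; '.join(why)}")
```

The checker deliberately uses suffix matching on the registrable domain rather than searching for "zoom" anywhere in the URL: the lookalike `us02web.zoom.us.join-meeting.net` contains the real hostname as a prefix and is exactly what a substring match would wave through.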

What steps should I take if I’ve inadvertently downloaded malware from a fake Zoom call?

First, disconnect the device from the internet to stop further data leaving it. From another, clean device, move your cryptocurrency to newly created wallets (never reuse a seed phrase that was on the infected machine), change your passwords, revoke active sessions, and enable multifactor authentication. Wipe the infected device's storage and reinstall the operating system before using it again.

How do hackers gain control of Telegram accounts in these scams?

Attackers get into Telegram accounts through lapses such as a phished login code, an account with no two-step verification password, or a session left open on a device that has been infected. Once inside, they mine the stored contact list to extend their phishing network, which is why users should keep two-step verification enabled and periodically review and terminate unknown active sessions.

Why are cryptocurrencies particularly targeted in these scams?

Cryptocurrencies are targeted because transfers are fast, pseudonymous, and irreversible. On a decentralised network there is no central authority that can reverse an unauthorised transaction or freeze the receiving address, which makes them an attractive target for cybercriminals.

How can platforms and exchanges help to prevent such scams?

Platforms and exchanges can employ advanced threat detection tools, provide cybersecurity education to their users, and implement stricter authentication and verification processes. Enhancing user engagement with security best practices can help create a robust defense against such scams.

The intertwining of technology and finance has spawned new challenges in cybersecurity. Only by understanding these threats can we navigate and mitigate them effectively. Through collective action and informed vigilance, we can build a secure digital world that fosters innovation and protects against the ever-present dangers that threaten it.

You may also like


Before using Musk's "Western WeChat" X Chat, you need to understand these three questions

The X Chat will be available for download on the App Store this Friday. The media has already covered the feature list, including self-destructing messages, screenshot prevention, 481-person group chats, Grok integration, and registration without a phone number, positioning it as the "Western WeChat." However, there are three questions that have hardly been addressed in any reports.


There is a sentence on X's official help page that is still hanging there: "If malicious insiders or X itself cause encrypted conversations to be exposed through legal processes, both the sender and receiver will be completely unaware."


Question One: Is this encryption the same as Signal's encryption?


No. The difference lies in where the keys are stored.


In Signal's end-to-end encryption, the keys never leave your device. X, the court, or any external party does not hold your keys. Signal's servers have nothing to decrypt your messages; even if they were subpoenaed, they could only provide registration timestamps and last connection times, as evidenced by past subpoena records.


X Chat uses the Juicebox protocol. Under this scheme the key is split into three shards, one held on each of three servers operated by X. When the user recovers the key with a PIN, the client retrieves the three shards from X's servers and recombines them. However long the PIN, X, not the user, is the actual custodian of the key.


This is the technical background of the "help page sentence": because the key is on X's servers, X has the ability to respond to legal processes without the user's knowledge. Signal does not have this capability, not because of policy, but because it simply does not have the key.
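To make the custody argument of the two paragraphs above concrete, here is an added Python model of threshold secret sharing; it is an illustration written for this page, not Juicebox's or X's code, and it deliberately simplifies the real protocol (the PIN check is a toy guess-limited gate, and the PIN is stored in the clear only for brevity). The prime field, the 3-of-3 split and the "conversation key" are all constructed for the example. What it shows is the point the text makes: the user's path to the key runs through the PIN, but the operator that hosts all three shards can recombine them directly and never touches the PIN at all.

```python
import secrets

# Field for the polynomial arithmetic: the Mersenne prime 2**127 - 1.
# Assumption: any prime larger than the secret works for this illustration.
PRIME = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients [a0, a1, ...] at x (Horner, mod PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, n=3, threshold=3):
    """Shamir split: n shares of which any `threshold` reconstruct the secret."""
    if not (0 <= secret < PRIME and 1 <= threshold <= n):
        raise ValueError("bad parameters")
    # a0 is the secret; the remaining threshold-1 coefficients are random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the given (x, y) shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # pow(den, PRIME - 2, PRIME) is the modular inverse (Fermat).
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


class Realm:
    """One of the three shard servers. Assumption: a toy PIN gate with a guess
    limit stands in for the real PIN-protected retrieval."""

    def __init__(self, share, pin, max_guesses=5):
        self.share = share          # what the operator's storage actually holds
        self._pin = pin
        self.guesses_left = max_guesses

    def fetch(self, pin):
        if self.guesses_left == 0:
            raise PermissionError("shard locked after too many wrong PINs")
        if pin != self._pin:
            self.guesses_left -= 1
            raise PermissionError("wrong PIN")
        return self.share


def user_recovers(realms, pin):
    """The advertised path: PIN -> fetch each shard -> recombine."""
    return recover_secret([r.fetch(pin) for r in realms])


def operator_recovers(realms):
    """The custody point: whoever runs all three realms reads the shards
    directly and never needs the PIN, however long it is."""
    return recover_secret([r.share for r in realms])


def demo():
    key = int.from_bytes(secrets.token_bytes(15), "big")  # constructed 120-bit key
    pin = "482913"                                        # constructed PIN
    realms = [Realm(s, pin) for s in split_secret(key, n=3, threshold=3)]
    assert user_recovers(realms, pin) == key
    assert operator_recovers(realms) == key          # no PIN involved
    # Two shards of a 3-of-3 split reveal nothing about the key.
    assert recover_secret([realms[0].share, realms[1].share]) != key
    return key, realms


if __name__ == "__main__":
    demo()
    print("operator reconstructs the key without the PIN")
```

Secret sharing protects the key against the loss or compromise of a minority of servers; it does nothing against the party that operates all of them. That is the structural difference from a design in which the only copy of the key lives on the user's device.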


The following illustration compares the security mechanisms of Signal, WhatsApp, Telegram, and X Chat along six dimensions. X Chat is the only one of the four where the platform holds the key and the only one without Forward Secrecy.


Forward secrecy means that even if a key is compromised at some point in time, earlier messages cannot be decrypted, because each message was encrypted under its own key that has since been discarded. Signal's Double Ratchet protocol derives a fresh key after every message; X Chat has no such mechanism.
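The following Python is an added illustration of the symmetric half of that ratchet (the hash-chain that derives one key per message); it is written for this page and is not Signal's or X Chat's code, and it uses HMAC-SHA256 as an assumed stand-in for the protocol's KDF chains. It puts a ratcheting scheme beside a static-key scheme and, for each, simulates an attacker who copies the sender's state just before message number `stolen_at` is sent, then counts which messages that snapshot can unlock. The chain key and message count are constructed inputs.

```python
import hashlib
import hmac


def _kdf(key, label):
    """One-way step. Assumption: HMAC-SHA256 stands in for the real KDF chain."""
    return hmac.new(key, label, hashlib.sha256).digest()


class SymmetricRatchet:
    """Hash-chain ratchet: each message gets its own key and the chain key is
    overwritten after every step, so the chain cannot be run backwards."""

    def __init__(self, chain_key, index=0):
        self.chain_key = chain_key
        self.index = index

    def state(self):
        return self.chain_key, self.index

    @classmethod
    def from_state(cls, state):
        return cls(*state)

    def next_message_key(self):
        message_key = _kdf(self.chain_key, b"\x01")
        self.chain_key = _kdf(self.chain_key, b"\x02")   # old chain key is gone
        self.index += 1
        return message_key


class StaticKeyScheme:
    """Counter-example: one long-lived key reused for every message."""

    def __init__(self, key, index=0):
        self.key = key
        self.index = index

    def state(self):
        return self.key, self.index

    @classmethod
    def from_state(cls, state):
        return cls(*state)

    def next_message_key(self):
        self.index += 1
        return self.key


def exposure_after_compromise(sender, total_messages, stolen_at):
    """Send `total_messages`; an attacker snapshots the sender's secret state
    just before message `stolen_at`. Return the indices of every message whose
    key the attacker can reproduce from that snapshot alone."""
    legit_keys = {}
    snapshot = None
    for i in range(total_messages):
        if i == stolen_at:
            snapshot = sender.state()          # device dumped at this moment
        legit_keys[i] = sender.next_message_key()

    attacker = type(sender).from_state(snapshot)
    derivable = set()
    for _ in range(total_messages - stolen_at):
        derivable.add(attacker.next_message_key())
    return {i for i, k in legit_keys.items() if k in derivable}


if __name__ == "__main__":
    ck = b"\x11" * 32                          # constructed shared chain key
    print("ratchet:", sorted(exposure_after_compromise(SymmetricRatchet(ck), 6, 3)))
    print("static :", sorted(exposure_after_compromise(StaticKeyScheme(ck), 6, 3)))
```

With the ratchet, the snapshot unlocks only messages 3, 4 and 5; messages 0 to 2 were encrypted under keys that no longer exist anywhere, which is the forward-secrecy property. The static scheme exposes all six. The full Double Ratchet adds a Diffie-Hellman ratchet on top so that later messages also heal after a compromise; this example covers only the hash-chain part that the article is describing.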


After analyzing the X Chat architecture in June 2025, Johns Hopkins University cryptography professor Matthew Green commented, "If we judge XChat as an end-to-end encryption scheme, this seems like a pretty game-over type of vulnerability." He later added, "I would not trust this any more than I trust current unencrypted DMs."


From a September 2025 TechCrunch report to being live in April 2026, this architecture saw no changes.


In a February 9, 2026 tweet, Musk pledged that X Chat would undergo rigorous security testing before launch and that all of its code would be open sourced.



As of the April 17 launch date, no independent third-party audit has been completed and there is no official code repository on GitHub. The App Store privacy label shows that X Chat collects five or more categories of data, including location, contact info, and search history, which directly contradicts the marketing claim of "No Ads, No Trackers."


Question Two: Does Grok know what you're messaging in private?


Not continuous monitoring, but a clear access point.


For every message on X Chat, users can long-press and select "Ask Grok." When this button is clicked, the message is delivered to Grok in plaintext, transitioning from encrypted to unencrypted at this stage.


This design is not a vulnerability but a feature. However, X Chat's privacy policy does not state whether this plaintext data will be used for Grok's model training or if Grok will store this conversation content. By actively clicking "Ask Grok," users are voluntarily removing the encryption protection of that message.


There is also a structural issue: How quickly will this button shift from an "optional feature" to a "default habit"? The higher the quality of Grok's replies, the more frequently users will rely on it, leading to an increase in the proportion of messages flowing out of encryption protection. The actual encryption strength of X Chat, in the long run, depends not only on the design of the Juicebox protocol but also on the frequency of user clicks on "Ask Grok."


Question Three: Why is there no Android version?


X Chat's initial release only supports iOS, with the Android version simply stating "coming soon" without a timeline.


In the global smartphone market, Android holds about 73%, while iOS holds about 27% (IDC/Statista, 2025). Of WhatsApp's 3.14 billion monthly active users, 73% are on Android (according to Demand Sage). In India, WhatsApp covers 854 million users, with over 95% Android penetration. In Brazil, there are 148 million users, with 81% on Android, and in Indonesia, there are 112 million users, with 87% on Android.



WhatsApp's dominance in the global communication market is built on Android. Signal, with a monthly active user base of around 85 million, also relies mainly on privacy-conscious users in Android-dominant countries.


X Chat has sidestepped this battlefield, and there are two possible readings. One is technical debt: X Chat is built in Rust, cross-platform support has not been straightforward, and prioritising iOS may be an engineering constraint. The other is a strategic choice: iOS holds nearly 55% of the U.S. market and X's core user base is in the U.S., so prioritising iOS means focusing on that base rather than competing head-on with WhatsApp in Android-dominated emerging markets.


These two interpretations are not mutually exclusive, leading to the same result: X Chat's debut saw it willingly forfeit 73% of the global smartphone user base.


Elon Musk's "Super App"


Some have described it this way: X Chat, X Money and Grok form a trifecta that creates a closed-loop data system running parallel to existing infrastructure, similar in concept to the WeChat ecosystem. The assessment is not new, but with X Chat's launch the schematic is worth revisiting.



X Chat generates communication metadata: who is talking to whom, for how long, and how often. That data flows into X's identity system. Part of the message content passes through the Ask Grok feature into Grok's processing chain. Financial transactions are handled by X Money, which completed external public testing in March and opened to the public in April with fiat peer-to-peer transfers via Visa Direct. A senior Fireblocks executive has confirmed plans for cryptocurrency payments to go live by the end of the year; X Money currently holds money transmitter licenses in over 40 U.S. states.


Every WeChat feature operates within China's regulatory framework. Musk's system operates within Western regulatory frameworks, but he also headed the Department of Government Efficiency (DOGE) in 2025. This is not a WeChat replica; it is a re-enactment of the same logic under different political conditions.


The difference is that WeChat has never explicitly claimed to be "end-to-end encrypted" on its main interface, whereas X Chat does. "End-to-end encryption" in user perception means that no one, not even the platform, can see your messages. X Chat's architectural design does not meet this user expectation, but it uses this term.


X Chat consolidates the three data lines of "who this person is, who they are talking to, and where their money comes from and goes to" in one company's hands.


The help page sentence has never been just technical instructions.

