North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies

Cybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent “fake interview” scams.

This operation continues to leverage spear-phishing tactics aimed at individuals and organizations within the Web3, cryptocurrency, and blockchain industries.

The attackers initiate contact by offering enticing job opportunities, often leading to fabricated interviews conducted via Zoom.

Malware Evolution Targeting Web3 Sector

Victims are then prompted to install a purported Zoom SDK update, which is actually a malicious payload designed to compromise macOS systems.

Upon execution, the malware deploys a multi-stage attack chain that facilitates unauthorized access, enabling the exfiltration of sensitive data such as cryptocurrency wallet credentials and personal information.

SentinelOne’s report highlights that while the core social engineering vector remains unchanged and highly effective over the past year, the hackers have introduced innovative coding techniques to enhance stealth and ...