• 'The attacker completed in under five minutes': Experts warn of N

    From TechnologyDaily@1337:1/100 to All on Tuesday, April 28, 2026 20:30:27
    'The attacker completed in under five minutes': Experts warn of North Korea-linked campaign using fake Zoom meetings to target crypto execs

    Date:
    Tue, 28 Apr 2026 19:20:00 +0000

    Description:
    Highly sophisticated scam will leave you questioning what's real while
    hackers steal your crypto.

    FULL STORY ======================================================================

    - State-sponsored attackers crafted convincing fake video calls to target cryptocurrency firms
    - A clipboard hijack trick replaced benign commands with malware-deploying code
    - The operation enabled rapid credential theft, persistence, and full system compromise

    Security researchers Arctic Wolf have revealed details of a highly sophisticated campaign targeting North American Web3 and cryptocurrency companies.

    It is conducted by state-sponsored threat actors called BlueNoroff, a financially motivated subgroup of the dreaded North Korean Lazarus Group,
    with a goal of establishing persistent access on their targets' devices. They do so by tricking the victims into installing malware on their computers themselves, but the way they do it is quite advanced.

    ClickFix has entered the chat

    While preparing for the attack, the threat actors would use real, high-value people from the Web3 world, generate convincing headshots using ChatGPT, and create semi-animated videos using Adobe Premiere Pro 2021.

    They would then create a fake Zoom video call website identical to the actual Zoom call page, and would display the video to make it look even more convincing.

    BlueNoroff would then invite the actual victim through Calendly, almost half
    a year into the future (most likely to make it look more convincing - important people are, after all, super busy).

    When the victim clicks on the Zoom link, they see what they're used to seeing
    - a video call page with the person on the other side moving and acting as if they were real. However, eight seconds into the call, a message would pop up across the screen, saying their SDK is deprecated and presenting them with an Update Now button.

    The button leads to a typical ClickFix technique - to fix the problem, the victim needs to copy and paste a command. But since many are now aware of these attacks, BlueNoroff takes it a step further - the code being copied is actually legitimate and benign.

    However, the fake Zoom website has a malicious JavaScript application
    embedded which handles the copy action, intercepts the clipboard event in the browser, and replaces what the user thinks they copied with different code.
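
    A defender reviewing a suspect page can look for exactly this pattern: a copy or cut handler that writes the clipboard itself. The following static heuristic is an added example, not code from Arctic Wolf or the campaign; the function names, verdict labels and sample scripts are constructed for illustration.

```javascript
// Added example: static heuristic for page scripts that rewrite the clipboard
// inside a copy/cut handler. All sample scripts below are constructed.
const LISTENER = /addEventListener\(\s*['"](copy|cut)['"]|\bon(copy|cut)\s*=/g;
const SIGNALS = {
  overridesDefault: /\.preventDefault\s*\(/,
  writesClipboard: /clipboardData\s*\.\s*setData\s*\(|clipboard\s*\.\s*writeText\s*\(/,
  readsSelection: /getSelection\s*\(/,
};

// Text of the first {...} block at or after `start` (naive brace matching).
function handlerBody(src, start) {
  const open = src.indexOf('{', start);
  if (open === -1) return '';
  let depth = 0;
  for (let i = open; i < src.length; i++) {
    if (src[i] === '{') depth++;
    else if (src[i] === '}' && --depth === 0) return src.slice(open, i + 1);
  }
  return src.slice(open); // unbalanced source: scan to the end
}

function scanClipboardHandlers(src) {
  const findings = [];
  for (const m of src.matchAll(LISTENER)) {
    const body = handlerBody(src, m.index);
    const signals = Object.keys(SIGNALS).filter((k) => SIGNALS[k].test(body));
    // A handler that writes the clipboard without reading the selection puts
    // page-chosen text there instead of what the user highlighted.
    let verdict = 'benign';
    if (signals.includes('writesClipboard')) {
      verdict = signals.includes('readsSelection') ? 'review' : 'suspicious';
    }
    findings.push({ event: m[1] || m[2], signals, verdict });
  }
  return findings;
}

const SAMPLES = {
  swap: `document.addEventListener('copy', function (e) {
    e.preventDefault();
    e.clipboardData.setData('text/plain', REPLACEMENT_PLACEHOLDER);
  });`,
  attribution: `document.addEventListener("copy", (e) => {
    const text = window.getSelection().toString();
    e.clipboardData.setData("text/plain", text + " (source: example.test)");
    e.preventDefault();
  });`,
  analytics: `document.addEventListener('copy', () => { counts.copy += 1; });`,
};
```

    Because the brace matching ignores string literals and the patterns are easy to obfuscate around, treat a "suspicious" verdict as a lead for manual review; comparing the command shown on the page with what is actually on the clipboard before running it remains the direct check.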

    That code, if executed, deploys malware on the device which establishes
    remote access to the system, allows BlueNoroff to exfiltrate credentials, session tokens, and other sensitive business data, and grants them the
    ability to move laterally throughout the network.

    "The technical execution chain in this campaign is both efficient and operationally disciplined," Arctic Wolf said. "From initial URL click to full system compromise, including C2 establishment, Telegram session theft,
    browser credential harvesting, and persistence, the attacker completed in under five minutes."



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/the-attacker-completed-in-under-five-minutes-experts-warn-of-north-korea-linked-campaign-using-fake-zoom-meetings-to-target-crypto-execs


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)