North Korea’s Lazarus Is Targeting Crypto Executives With Zoom Calls
North Korean crypto hackers are taking phishing scams to new levels. Through GhostCall and GhostHire, they now use AI, hacked footage, and realistic impersonations to infiltrate the Web3 space more effectively than ever before.
North Korean crypto hackers are refining a familiar scam. They once relied on fake job offers and investment pitches to spread malware — now their methods are becoming more sophisticated.
Previously, these attacks depended on victims interacting directly with infected files. But tighter coordination among hacker groups has allowed them to overcome this weakness, using recycled video calls and impersonations of Web3 executives to deceive targets.
North Korea — A Crypto Hacking Pioneer
North Korean crypto hackers are already a global menace, but their infiltration tactics have significantly evolved.
Whereas these criminals used to only seek employment in Web3 firms, they’ve been using fake job offers to spread malware more recently. Now, this plan is expanding again.
According to reports from Kaspersky, a digital security firm, these North Korean crypto hackers are employing new tools.
BlueNoroff APT, a sub-branch of Lazarus Group, the most feared DPRK-based criminal organization, has two such active campaigns. Dubbed GhostCall and GhostHire, both share the same management infrastructure.
Novel Tactics Explained
In GhostCall, these North Korean crypto hackers will target Web3 executives, posing as potential investors. GhostHire, on the other hand, attracts blockchain engineers with tempting job offers. Both tactics have been in use since last month at the latest, but the threat has been increasing.
Whoever the target is, the actual scam is the same: they trick a prospective mark into downloading malware, whether it be a phony “coding challenge” or a clone of Zoom or Microsoft Teams.
Either way, the victim only needs to engage with this trapped platform, at which point the North Korean crypto hackers can compromise their systems.
Kaspersky noted a series of marginal improvements, like focusing on crypto developers’ preferred operating systems. The scams have a common point of failure: the victim has to actually interact with suspicious software.
This has harmed previous scams’ success rate, but these North Korean hackers have found a new way to recycle lost opportunities.
Turning Failures into New Weapons
Specifically, the enhanced coordination between GhostCall and GhostHire has enabled hackers to improve their social engineering. In addition to AI-generated content, they can also use hacked accounts from genuine entrepreneurs or fragments of real video calls to make their scams believable.
One can only imagine how dangerous this is. A crypto executive might cut off contact with a suspicious recruiter or investor, only to have their likeness later weaponized against new victims.
Using AI, hackers can synthesize new “conversations” that mimic a person’s tone, gestures, and surroundings with alarming realism.
Even when these scams fail, the potential damage remains severe. Anyone approached under unusual or high-pressure circumstances should stay vigilant—never download unfamiliar software or engage with requests that seem out of place.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitcoin News Update: Despite $2.95 Billion in Crypto Liquidations, Blazpay's Presale and Chainlink Partnerships Stand Strong Against Market Volatility
- Crypto markets saw $2.95B in 24-hour liquidations, led by a $6.09M ETH-USD unwind on Hyperliquid, per Coinotag. - 140,507 traders faced margin calls, with short positions dominating losses amid Bitcoin/Ethereum price declines. - Blazpay's $925K presale and Chainlink's institutional partnerships offered rare stability during the sell-off. - $77.5M long liquidations and $15.3M short liquidations in 4 hours highlighted leveraged position fragility. - Analysts warn high-liquidity venues like Bybit/Hyperliqui
TRX News Today: Hybrid Safe Zones Arise: Crypto Holders Balance Risk and Practicality in 2025’s Varied Marketplace
- Crypto market in late 2025 highlights MoonBull ($MOBU), Chainlink ($LINK), and TRON ($TRX) as top assets with distinct growth drivers amid sector consolidation. - MoonBull's Stage 5 presale raised $500K, offering 9,256% projected returns via 95% APY staking and structured tokenomics, positioning it as a hybrid of meme-coin incentives and DeFi utility. - Chainlink ($17.91) stabilizes as a "blue-chip" oracle network, bridging blockchain and traditional finance through institutional-grade infrastructure and
Bitcoin Updates: Bitcoin Breaks Past $112,000 as Investors Turn to Digital Safe Haven
- Bitcoin surged past $112,000 following the U.S. Federal Reserve's policy decision, driven by geopolitical optimism, institutional interest, and strategic trading. - A seasoned trader, "0xc2a," secured $17 million in profits through Bitcoin and Ethereum long positions, highlighting whale influence on market sentiment. - Trump's planned meeting with Xi Jinping and a $400M influx into Bitcoin's DeFi protocols pushed prices to a 10-day high near $114,000. - Institutional adoption and $10B in Q3 M&A, alongsid
No Hidden Founder Here: How Antony Turner’s Visible Approach Puts BlockDAG in the Spotlight!
Trending news
MoreCrypto prices
More
