BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware

North Korean threat actor BlueNoroff has been exploiting remote workers in the Web3 sector through sophisticated deepfake Zoom calls to deliver malware onto macOS devices. The group is known for targeting cryptocurrency organizations and evolving its attack methods with multi-stage payloads. #BlueNoroff #APT38 #CryptoTraitor #GolamagGhost #TraderTraitor

Key points

  • BlueNoroff targets Web3 employees using deepfake Zoom calls to infect macOS devices.
  • Attacks involve fake meeting links, malicious Zoom extensions, and clandestine payloads.
  • Several malware binaries, including backdoors and keyloggers, are deployed on compromised systems.
  • The threat group, associated with North Korea, has shifted from APT38 to evolving clusters like TraderTraitor and CryptoCore.
  • Recent campaigns use fake job ads and social engineering to trick victims into running malicious code on Windows and macOS systems.

Read More: https://thehackernews.com/2025/06/bluenoroff-deepfake-zoom-scam-hits.html