Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains

Threat actors linked to North Korea are conducting sophisticated cyber campaigns targeting Web3, blockchain, and tech sectors using deception and malware. These campaigns, GhostCall and GhostHire, employ fake meetings, phishing sites, and malware payloads to compromise macOS, Windows, and Linux systems. #LazarusGroup #GhostCall #GhostHire #SnatchCrypto #BlueNoroff

Key Points

  • The campaigns are attributed to the Lazarus Group sub-cluster BlueNoroff, part of a broader operation ongoing since 2017.
  • GhostCall targets macOS users with fake Zoom and Microsoft Teams meetings to deploy malware via phishing tactics.
  • GhostHire focuses on Web3 developers, using fake job assessments shared through Telegram to infect targeted systems.
  • The malware chain includes various payloads like DownTroy, CosmicDoor, RooTroy, and RealTimeTroy, which can exfiltrate data and execute commands.
  • The campaigns leverage AI-generated content, fake profiles, and remote deception to maximize infection success across multiple platforms.

Read More: https://thehackernews.com/2025/10/researchers-expose-ghostcall-and.html