Fake Zoom/Teams call wey con link to North Korea dey install malware wey dey knack wallets

Security Alliance (SEAL) and MetaMask researcher Taylor Monahan don report widespread social‑engineering attacks wey dey linked to groups wey get North Korea connections. Dem dey use staged Zoom and Microsoft Teams calls to deliver Remote Access Trojans (RATs) and other malware. Attackers dey contact targets for Telegram from compromised or familiar accounts, dem dey schedule meetings (often via Calendly), and dem dey show pre‑recorded video or stolen footage to pretend say na known contacts. For call dem go tell victims make dem install an “audio patch” or SDK update; the file get malware wey fit give remote access to devices and fit steal passwords, Telegram sessions, documents and private keys. Different versions of the campaign — including fake job applications and staged interviews — don cause more than $300 million loss in crypto and dem dey try am many times every day for the sector. SEAL and Monahan warn say reuse of stolen Telegram accounts dey speed up the campaign because e reach existing contact lists. Recommended defenses for traders: treat unexpected meeting links and urgent patch requests as high risk, no ever run files wey you receive during calls, enable strong passwords and 2FA, move funds to clean wallets using uncompromised devices, and if you suspect compromise, disconnect Wi‑Fi and power down to stop exfiltration. The advisory say these human‑centric video‑call malware attacks be top operational risk for crypto firms and individuals, because compromised endpoints and leaked private keys fit make wallets drain quick and cause big financial loss.