Having trouble with your conference call? Be careful, it's North Korean hackers pretending to be VCs, posting messages to repair links to scam people

Recently, an entrepreneur has discovered a new type of fraud, where North Korean hackers impersonate venture capital (VC) experts and, through the common audio issues seen in Zoom meetings, lure victims into downloading audio repair files containing malware, which can lead to the theft of personal funds or data.

North Korean hackers impersonating VCs, using Zoom audio issues to lure victims into installing fake repair programs

Blockchain and cybersecurity expert Nick Bax.eth was the first to report this threat, pointing out that the fraud typically starts with a seemingly normal video conference, with the participants being impersonated VC experts:

Having audio issues on your Zoom call? That's not a VC, it's North Korean hackers.

Fortunately, this founder realized what was going on.

The call starts with a few "VCs" on the call. They send messages in the chat saying they can't hear your audio, or suggesting there's an… pic.twitter.com/ZnW8Mtof4F

— Nick Bax.eth (@bax1337) March 11, 2025

They will leave messages in the chat window, claiming they cannot hear the victim's voice or reminding the victim of audio issues. They then play a "pre-recorded" video of the VC expert speaking, making the victim believe the other party is online but unable to communicate.

He emphasized that once the victim believes this, the hackers will provide a new Zoom meeting link, claiming it can solve the technical problem:

However, this link is actually fake, and clicking on it will lure the victim into downloading and installing an "audio or video repair program" containing malicious code. Once installed, the hackers can take control of the victim's computer, steal personal data, money, and even launch attacks on the victim's company.

(All participants in the online meeting were fake: Hong Kong employee scammed by deepfake technology, transferred HK$200 million for the fake boss)

Attack patterns repeatedly copied, hackers have obtained millions of dollars

Nick Bax.eth warned that the hacker group has successfully stolen millions of dollars, and other hacker groups have also started to copy this attack method. Such attacks exploit human weaknesses, as victims, believing they are talking to important investors, will lower their guard to quickly solve the technical problem.

(Beware of phishing attacks on Phantom wallet, scammers disguise as updates and steal seed phrases)

How to prevent such attacks?

1. Do not click on unfamiliar video conference links: If someone asks you to switch meeting rooms, create a secure Google Meet link yourself and have them join, rather than using the link they provide.
2. Be vigilant and avoid installing any suspicious software: If someone asks you to download and install a "repair program", immediately stop the operation and seek professional technical support.
3. How to respond when attacked: If you have already installed malware, immediately disconnect from the network, turn off your computer, and contact cybersecurity experts for professional assistance.

This incident reminds all entrepreneurs and businesses to be vigilant when conducting online meetings, ensuring that all links and software come from official and trustworthy sources, to prevent hacker attacks.

(Experts find spyware disguised as food delivery apps stealing crypto wallet seed phrases)