Overview
- BTC Prague co‑founder Martin Kuchař reported his Telegram account takeover and described a live deepfake call used to deliver a supposed Zoom audio fix.
- Victims are approached through hijacked Telegram accounts, shown an AI‑generated likeness of the person they believe they are talking to on a call whose audio is muted, and urged to run a supposed audio fix that in fact hands over full system access.
- Huntress previously documented spoofed Zoom domains and a malicious AppleScript on macOS that disables shell history (so the operator's commands leave no record), may install Rosetta 2 (so x86‑64 payloads can run on Apple silicon), elevates privileges, and drops backdoors, keyloggers, clipboard tools, and wallet stealers.
- Security researchers attribute the campaign with high confidence to Lazarus subgroup TA444, also known as BlueNoroff.
- Chainalysis recorded a record $17 billion in crypto losses in 2025 tied to AI‑driven impersonation scams, and a MetaMask researcher has warned that similar tactics have already netted more than $300 million.
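Because the lure depends on a link that looks like Zoom's, a practical check is to normalise the hostname a browser would actually connect to and compare it with the vendor's registrable domains, which is a different question from whether the brand name appears somewhere in the URL. The Python below is an added example, not code from the article, from Huntress or from any vendor; the `LEGIT_ZOOM_DOMAINS` list and the `SAMPLE_LINKS` are assumptions constructed for illustration, not indicators from the campaign.

```python
"""Added example: classify a link by the host a browser would actually connect to.

Not from the original article or from Huntress. LEGIT_ZOOM_DOMAINS and SAMPLE_LINKS
below are assumptions / constructed inputs for illustration only.
"""
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumption: the vendor's registrable domains. A host equal to one of these, or a
# true subdomain of one, is treated as genuine; everything else is not.
LEGIT_ZOOM_DOMAINS = ("zoom.us", "zoom.com")


def canonical_host(url: str) -> Tuple[Optional[str], str]:
    """Return (host, netloc), where host is what the browser connects to.

    urlsplit().hostname already drops userinfo ("zoom.us@evil.example" -> "evil.example")
    and the port, and lowercases the result. We also strip a trailing dot and convert
    to the IDNA/punycode form so a Unicode homoglyph label shows up as "xn--...".
    """
    if "://" not in url:
        url = "https://" + url          # a bare "zoom-us.example/x" would parse as a path
    try:
        parts = urlsplit(url)
    except ValueError:                   # e.g. unbalanced IPv6 brackets
        return None, ""
    host = parts.hostname
    if not host:
        return None, parts.netloc
    host = host.rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:                 # empty or overlong label
        return None, parts.netloc
    return host, parts.netloc


def is_legit_zoom_host(host: str) -> bool:
    # Exact match or a true subdomain. A plain endswith("zoom.us") would wrongly
    # accept "notzoom.us"; requiring the leading dot prevents that.
    return any(host == d or host.endswith("." + d) for d in LEGIT_ZOOM_DOMAINS)


def classify_link(url: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, host).

    Verdicts: legit, userinfo-spoof, homoglyph, lookalike, unrelated, invalid.
    """
    host, netloc = canonical_host(url)
    if host is None:
        return "invalid", None
    if is_legit_zoom_host(host):
        return "legit", host
    if "@" in netloc:
        return "userinfo-spoof", host    # brand sits in userinfo; real host follows the '@'
    if "xn--" in host:
        return "homoglyph", host         # non-ASCII label, e.g. Cyrillic 'о' in "zооm"
    if "zoom" in host:
        return "lookalike", host         # brand embedded in an unrelated registrable domain
    return "unrelated", host


# Constructed sample links (not indicators from the article or from Huntress).
SAMPLE_LINKS = [
    "https://us02web.zoom.us/j/5551234",
    "https://zoom.us.meeting-fix.example/audio",
    "https://zoom.us@evil.example/zoom-audio-fix",
    "https://z\u043e\u043em.us/fix",      # Cyrillic 'о' homoglyphs
    "zoom-us.example/update",
    "https://evil.example/zoom.us",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, host = classify_link(link)
        print(f"{verdict:14} {host!s:32} {link}")
```

The order of the checks matters: a genuine subdomain is accepted before any heuristic runs, so `user@us02web.zoom.us` is still legitimate, while the userinfo test comes before the substring test because `zoom.us@evil.example` contains no brand string in its real host at all. Substring matching on "zoom" is deliberately only the last, weakest signal; the decisive check is the registrable-domain comparison.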