Manta founder details attempted Zoom hack by Lazarus that used very real ‘legit faces’

Manta Network co-founder Kenny Li says he was targeted by a highly sophisticated phishing attack on Zoom that used live recordings of familiar people in an attempt to have him download malware.

The meeting seemed real with the impersonated person’s camera on, but the lack of sound and a suspicious prompt to download a script raised red flags, Li said in an April 17 X post.

“I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file. I immediately left.”

Li then asked the impersonator to verify themselves over a Telegram call. However, they didn’t comply and proceeded to erase all messages and block him soon after.

Li believes the North Korean state-backed Lazarus Group was behind the attack.

Before the messages were deleted, the Manta Network co-founder managed to screenshot his conversation with the attacker, in which Li initially suggested moving the call over to Google Meet instead.

Speaking with Cointelegraph, Li said he believes the live shots used in the video call were taken from past recordings of real team members.

“It didn’t seem AI-generated. The quality looked like what a typical webcam quality looks like.”

Li confirmed that the real person’s accounts had been compromised by the Lazarus Group.

Beware of being asked to download anything, says Li

Li advised other members of the crypto community to always be aware of anything they’re asked to download out of the blue.

“The biggest red flag will always be a downloadable. Whether it’s in the form of an update, an attachment, app, or anything else, if you need to download something in order to continue something with the person on the other side, don’t do it.”

The Manta executive acknowledged that the attack could easily fool a crypto executive accustomed to being bombarded with messages and accepting sudden meeting requests.

“These are hacks that play to your emotional connection and potentially mental fatigue.”

Other members of the crypto community share similar stories

Li wasn’t the only one to be targeted by the hackers in recent days.

“They also asked me to download Zoom via their link, and said that it’s only for their business. Even though I actually have Zoom on my computer, I couldn’t use it,” a member of ContributionDAO said.

“They claimed it had to be a business version that they had registered. When I requested to switch to Google Meet instead, they refused.”

Crypto researcher and X user “Meekdonald” said a friend of theirs fell victim to the exact same strategy that Li avoided.
