How did BlueNoroff conduct fake Zoom video calls?

BlueNoroff created fake Zoom websites with semi-animated videos of AI-generated personas, inviting victims through Calendly for future calls.

What is the clipboard hijacking technique used in the scam?

A malicious JavaScript on the fake Zoom site intercepts clipboard events, replacing copied commands with malware-deploying code.

How quickly can these attacks lead to system compromise?

The entire process, from clicking a URL to full system compromise and command and control establishment, can be completed in under five minutes.

Home / Technology / Sophisticated Scam Hijacks Zoom Calls

Sophisticated Scam Hijacks Zoom Calls

29 Apr

•

Summary

Attackers used AI-generated personas for fake video calls.
Clipboard hijacking replaced valid commands with malware.
Compromise to system takeover took less than five minutes.

State-sponsored threat actors identified as BlueNoroff, a subgroup of North Korea's Lazarus Group, have executed a highly advanced campaign against cryptocurrency companies in North America.

The attackers meticulously crafted fake Zoom video calls, utilizing AI-generated personas and realistic video simulations to deceive their targets. These fake calls were scheduled far in advance via Calendly to enhance credibility.

A critical element of the attack involved a malicious JavaScript embedded in the fake Zoom website. This script intercepted clipboard events, replacing legitimate commands with malware-deploying code when victims attempted to copy and paste.