Deepfake Zoom Scams Hit Crypto Insiders as BTC Prague Co-Founder Warns of Mac Malware
Key Takeaways:
- Crypto insiders are being targeted by deepfake video calls that deliver macOS malware
- BTC Prague co-founder Martin Kuchař says his stolen Telegram account was used to spread the attack
- The campaign matches tactics tied to North Korea–linked BlueNoroff hackers
A highly targeted crypto scam wave is exploiting deepfake video, trusted contacts and popular work tools. BTC Prague co-founder Martin Kuchař disclosed that attackers took control of his Telegram account to lure others into Zoom and Teams video calls that deliver malware.
Please, help me to stop those scammers. Report this TG account which was stolen from me and is widely used to spread the attack in my name now. https://t.co/RHDWF9Qvpy pic.twitter.com/Sdepa8MH8w
— Martin Kuchař (@kucharmartin_) January 26, 2026
Deepfake Video Calls Used as the Entry Point
Kuchař warned that the attacks often start with messages from trusted contacts on Telegram or other platforms. The victims receive an invitation to discuss a matter or have a quick sync on a Zoom or Microsoft Teams call.
Once the call starts, the attackers impersonate the trusted person using AI-generated deepfake video. They claim there is an audio problem and ask the victim to install a plug-in or file to resolve it. That file gives attackers full access to the system.
According to Kuchař, this method led to the theft of Bitcoin, takeover of Telegram accounts, and further spread of the scam through hijacked identities. He urged users to treat all Telegram messages as untrusted and to avoid unverified Zoom or Teams calls.
North Korea–Linked Malware Chain Targets Mac Users
Technical details shared by Kuchař align with research from cybersecurity firm Huntress, which traced similar attacks to BlueNoroff, a hacking group linked to North Korea’s Lazarus Group.
How the Mac Infection Works
The attack starts with a spoofed Zoom domain and a fake meeting link. When victims join the call, they are advised to download a file named as a Zoom support script. In reality, the file contains malicious AppleScript, which starts a multi-stage attack.
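Because the chain begins with a spoofed Zoom domain, a meeting link can be checked before anyone clicks it. The following is an added example, not code from the article or from Huntress: it validates the host of a link against an allowlist, and the allowlist contents and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the meeting domains this team accepts; adjust to your own tenant.
TRUSTED_MEETING_DOMAINS = ("zoom.us", "teams.microsoft.com")

def check_meeting_link(url):
    """Return (ok, reason) for a meeting URL received over chat."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://zoom.us@other.host/" shows zoom.us first but connects to other.host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    if not host:
        return False, "no host"
    # Homoglyph hosts arrive either as raw Unicode or as xn-- punycode labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "non-ASCII or punycode host"
    for domain in TRUSTED_MEETING_DOMAINS:
        # Exact match or a true subdomain; a bare suffix test would accept notzoom.us.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + domain + " or a subdomain"
    return False, "host not on allowlist"

# Constructed sample links; the lookalike hosts use the reserved .example TLD.
SAMPLES = [
    "https://us05web.zoom.us/j/1234567890",
    "https://zoom.us.support.example/j/1234567890",
    "https://zoom.us@support.example/j/1234567890",
    "https://notzoom.us/j/1234567890",
    "http://zoom.us/j/1234567890",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_meeting_link(link))
```

A passing check only confirms where the link points; it says nothing about who is on the call, so it complements rather than replaces verifying the contact through a second channel.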
The malware toolkit consists of:
- Telegram 2, a fake updater that maintains persistence
- Root Troy V4, a remote-access backdoor
- InjectWithDyld, a stealth loader for encrypted payloads
- XScreen, a surveillance tool that logs keystrokes and screen activity
- CryptoBot, an infostealer targeting more than 20 crypto wallets
Researchers indicate that the malware leverages valid developer signatures and installs Rosetta on Apple Silicon devices in order to evade detection. This makes the attack harder to detect, particularly for Mac users who have a false sense of security that their systems are less vulnerable.
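Two behaviours described above, AppleScript run from a downloaded file and a Rosetta installation shortly afterwards, can be correlated in endpoint process telemetry. The sketch below is an added example, not code from the article or from Huntress; the event field names, the sample events and the file paths are constructed, and PID reuse is ignored for brevity.

```python
import json

# Constructed process-start events (not real telemetry); field names are assumed.
SAMPLE_EVENTS = """\
{"ts": 100, "pid": 410, "ppid": 1, "exe": "/usr/bin/osascript", "args": ["osascript", "/Users/alice/Downloads/support_script.scpt"]}
{"ts": 130, "pid": 415, "ppid": 410, "exe": "/bin/sh", "args": ["sh", "-c", "..."]}
{"ts": 140, "pid": 420, "ppid": 415, "exe": "/usr/sbin/softwareupdate", "args": ["softwareupdate", "--install-rosetta", "--agree-to-license"]}
{"ts": 900, "pid": 650, "ppid": 1, "exe": "/usr/sbin/installer", "args": ["installer", "-pkg", "/tmp/vendor.pkg", "-target", "/"]}
{"ts": 905, "pid": 700, "ppid": 650, "exe": "/usr/sbin/softwareupdate", "args": ["softwareupdate", "--install-rosetta"]}
{"ts": 950, "pid": 710, "ppid": 1, "exe": "/usr/bin/osascript", "args": ["osascript", "/Library/Scripts/backup.scpt"]}
"""

# Assumption: locations where a file handed over during a call usually lands.
USER_WRITABLE = ("/Downloads/", "/Desktop/", "/tmp/")

def load_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def runs_downloaded_applescript(ev):
    if not ev["exe"].endswith("/osascript"):
        return False
    return any(m in arg for arg in ev["args"][1:] for m in USER_WRITABLE)

def installs_rosetta(ev):
    return ev["exe"].endswith("/softwareupdate") and "--install-rosetta" in ev["args"]

def find_rosetta_chains(events, window=300):
    """Return (script_path, softwareupdate_pid) for each Rosetta install whose
    ancestry contains a downloaded AppleScript started within `window` seconds."""
    by_pid = {ev["pid"]: ev for ev in events}
    hits = []
    for ev in events:
        if not installs_rosetta(ev):
            continue
        seen, cur = set(), by_pid.get(ev["ppid"])
        while cur is not None and cur["pid"] not in seen:  # walk up the process tree
            seen.add(cur["pid"])
            if runs_downloaded_applescript(cur) and 0 <= ev["ts"] - cur["ts"] <= window:
                hits.append((cur["args"][-1], ev["pid"]))
                break
            cur = by_pid.get(cur["ppid"])
    return hits

if __name__ == "__main__":
    for script, pid in find_rosetta_chains(load_events(SAMPLE_EVENTS)):
        print("ALERT: Rosetta install (pid %d) descends from %s" % (pid, script))
```

A Rosetta installation on its own is common and benign, as the installer-driven event in the sample shows; the signal is its descent from a script the user was talked into running.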
Crypto Theft Campaigns Grow More Sophisticated
Huntress researchers point out that the Mac is an attractive target because an increasing number of crypto groups deploy Macs in the enterprise. Deepfake video adds strongly to the credibility of the lure, combining real-time images with a familiar platform.
Kuchař said basic security habits helped limit his losses. He emphasized the use of two-factor authentication, a password solution, and hardware wallets. He also recommended more secure communication tools, such as Signal or Jitsi, and browser-based calls, such as Google Meet, due to greater sandboxing.
The post Deepfake Zoom Scams Hit Crypto Insiders as BTC Prague Co-Founder Warns of Mac Malware appeared first on CryptoNinjas.