Key Takeaways:
A crypto scam wave with a highly-targeted level is exploiting deepfake video, relationship contacts and popular work tools. BTC Prague co-founder, Martin Kuchař disclosed that attackers controlled his Telegram account to lure others into Zoom and Teams video call with malware.
Please, help me to stop
those scammers. Report this TG account which was stolen from me and is widely used to spread the attack in my name now. https://t.co/RHDWF9Qvpy pic.twitter.com/Sdepa8MH8w
— Martin Kuchař (@kucharmartin_) January 26, 2026
Read More: $50M Vanishes in Seconds: Copy-Paste Wallet Error Triggers One of Crypto’s Costliest Address Scams
Kuchař warned that the attacks often start with messages from trusted contacts on Telegram or other platforms. The victims receive an invitation to discuss the matter or also have a quick sync in a Zoom or Microsoft Teams call.
After getting the call, the attackers impersonate the trusted person through AI-generated deepfake video. They state that there is an audio problem and request the victim to install a given plug in or file so as to resolve the issue. That file gives attackers full access to the system.
According to Kuchař, this method led to the theft of Bitcoin, takeover of Telegram accounts, and further spread of the scam through hijacked identities. He urged users to treat all Telegram messages as untrusted and to avoid unverified Zoom or Teams calls.
Read More: Hackers Hijack Binance Co-CEO Yi He’s WeChat to Push Meme Coin Scam, Triggering Market Frenzy
Technical details shared by Kuchař align with research from cybersecurity firm Huntress, which traced similar attacks to BlueNoroff, a hacking group linked to North Korea’s Lazarus Group.
The attack starts with a spoofed Zoom domain with a faked meeting link. When victims are making the call, they are advised to download a file named Zoom support script. Actually, the file is infected by AppleScript, which starts a multi-stage attack.
The malware toolkit will consist of:
Researchers indicate that the malware will leverage valid developer signatures and place Rosetta on Apple Silicon devices in order to evade identification. This renders the attack less detectable, particularly to the Mac users who have a false sense of security that their respective systems are less vulnerable.
Huntress researchers point out that Mac is an excellent target because an increasing number of crypto groups deploy Macs to the enterprise. Deepfake video injects strongly in the credibility equation, combining real-time images with the known platform.
Basic security habits revealed by Kuchař assisted in curtailing his losses. He emphasized the use of two-factor authentication, password solution, and hardware wallets. He also recommended more secure communication tools, such as Signal or Jitsi, and better browsers over more secure calls, such as Google Meet due to greater sandboxing.
The post Deepfake Zoom Scams Hit Crypto Insiders as BTC Prague Co-Founder Warns of Mac Malware appeared first on CryptoNinjas.
Also read: KuCoin Web3 Launches the Decentralized Web3 Wallet with Native In-Wallet Perpetual Trading, Empowering Global Users with Self-Custody
