{"id":127449,"date":"2025-04-18T06:21:08","date_gmt":"2025-04-18T06:21:08","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=127449"},"modified":"2025-04-18T06:21:08","modified_gmt":"2025-04-18T06:21:08","slug":"manta-founder-details-attempted-zoom-hack-by-lazarus-that-used-very-real-legit-faces","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=127449","title":{"rendered":"Manta founder details attempted Zoom hack by Lazarus that used very real \u2018legit faces\u2019"},"content":{"rendered":"<p>Source: Cointelegraph.com NewsManta Network co-founder Kenny Li says he was targeted by a highly sophisticated phishing attack on Zoom that used live recordings of familiar people in an attempt to have him download malware.\u00a0<br \/>\nThe meeting seemed real with the impersonated person\u2019s camera on, but the lack of sound and a suspicious prompt to download a script raised red flags, Li said in an April 17 X post.<br \/>\n\u201cI could see their legit faces. Everything looked very real. But I couldn\u2019t hear them. It said my Zoom needs an update. But it asked me to download a script file. I immediately left.\u201d<br \/>\nLi then asked the impersonator to verify themselves over a Telegram call, however, they didn\u2019t comply and proceeded to erase all messages and block him soon after.<br \/>\nSource: Kenny LiLi believes the North Korean state-backed Lazarus Group was behind the attack.<br \/>\nThe Manta Network co-founder managed to screenshot his conversation with the attacker before the messages were deleted, where Li initially suggested moving the call over to Google Meet instead.<br \/>\nSource: Kenny LiSpeaking with Cointelegraph, Li said he believes the live shots used in the video call were taken from past recordings of real team members.<br \/>\n\u201cIt didn\u2019t seem AI-generated. The quality looked like what a typical webcam quality looks like.\u201d<br \/>\nSource: Kenny LiLi confirmed that the real person\u2019s accounts had been compromised by the Lazarus Group.<br \/>\nBeware of being asked to download anything, says Li<br \/>\nLi advised other members of the crypto community to always be aware of anything they\u2019re asked to download out of the blue.<br \/>\n\u201cThe biggest red flag will always be a downloadable. Whether it\u2019s in the form of an update, an attachment, app, or anything else, if you need to download something in order to continue something with the person on the other side, don\u2019t do it.\u201d<br \/>\nThe Manta executive acknowledged that it could easily fool a crypto executive accustomed to being bombarded with messages and accepting sudden meeting requests.<br \/>\n\u201cThese are hacks that play to your emotional connection and potentially mental fatigue.\u201d<br \/>\nOther members of the crypto community share similar stories<br \/>\nLi wasn&#8217;t the only to be targeted by the hackers in recent days.<br \/>\n\u201cThey also asked me to download Zoom via their link, and said that it&#8217;s only for their business. Even though I actually have Zoom on my computer, I couldn\u2019t use it,\u201d a member of ContributionDAO said.<br \/>\nRelated: Lazarus Group\u2019s 2024 pause was repositioning for $1.4B Bybit hack<br \/>\n\u201cThey claimed it had to be a business version that they had registered. When I requested to switch to Google Meet instead, they refused.\u201d<br \/>\nCrypto researcher and X user \u201cMeekdonald\u201d said a friend of theirs fell victim to the exact same strategy that Li avoided.<br \/>\nMagazine: Meet the hackers who can help get your crypto life savings back<a href=\"https:\/\/cointelegraph.com\/news\/manta-exec-reveals-attempted-zoom-attack-by-lazarus-using-legit-faces?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com NewsManta Network co-founder Kenny Li says he was targeted by a highly sophisticated phishing attack on Zoom that used live recordings of familiar people in an attempt to&hellip; <\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/127449"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=127449"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/127449\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=127449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=127449"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=127449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}