Zoom scam risk escalates: SEAL warns of multiple daily cyberattacks by North Korea

SEAL Security Alliance Discovers Pandemic-Level Threats Spreading

The Security Alliance SEAL has recently tracked a concerning trend—multiple cases involving North Korean cyber scam groups surface daily. This Zoom impersonation scam targeting cryptocurrency users has resulted in over $300 million in asset losses, and the latest warning from security researcher Taylor Monahan is widely spreading within the community.

How this scam gradually takes effect

Starting Point: Telegram Account Compromised

North Korean scam groups typically target your Telegram account. Monahan points out that the first message often comes from someone you know—because that account has already been hacked. The scammer then invites you to a Zoom call.

Seemingly Normal Meeting Invitations Conceal Danger

The Zoom links sent by scammers appear flawless at first glance, “often disguised very convincingly,” Monahan says. During the call, you might even see “the other party and their colleagues,” which enhances the deception. However, she clarifies—these are not deepfake videos but real clips created using leaked account information or publicly available recordings.

Malware Sneaks in via “Patch Files”

During the call, scammers claim there are audio issues and ask you to download a “patch file” to fix it. This file is actually disguised malware. Once you open it, your device is fully compromised. The scammers then casually end the call—“your computer has been hacked, but they do nothing on the surface to avoid detection.”

What is lost after infection

Once the system is infected with malware, scammers can:

• Steal your cryptocurrency wallets
• Extract passwords and private keys
• Gain full access to your Telegram account

Chain reaction caused by Telegram compromise

Monahan emphasizes that the attacker’s ultimate goal is your Telegram account. Once they have it, they can access your entire contact list and use the same scam tactics to attack your friends and family. “And then you’ll drag all your friends into it,” she bluntly states.

She even urges victims to take action in uppercase: “If they compromise your Telegram, you must immediately inform everyone. Drop your pride and shout it out loud!”

SEAL recommended emergency response measures

If you accidentally clicked on a malicious link, you should immediately take the following steps:

Immediate Actions:

• Disconnect from WiFi
• Turn off the infected device
• Transfer your funds using another device
• Change all passwords
• Enable two-factor authentication (if not already enabled)
• Perform a thorough memory wipe of the infected device before reuse

Focus on protecting your Telegram account

• Check all device session logs
• Log out of all other sessions
• Immediately update your authentication settings

Monahan considers protecting your Telegram account “crucial,” as it directly relates to whether your entire social network becomes the next target of scams.

Content Editor: Tatevik Avetisyan
Tatevik Avetisyan is an editor at Kriptoworld, focusing on new trends in cryptocurrency, blockchain innovation, and altcoin development. She is dedicated to transforming complex blockchain topics into content understandable by a global audience, making digital finance more transparent and accessible.

📅 Published: December 15, 2025 • 🕓 Last updated: December 15, 2025