North Korean Fake Zoom Scam Spreads Fast as SEAL Reports Daily Attempts


SEAL Security Alliance said it now tracks multiple daily attempts tied to the North Korean fake Zoom scam.

The fake Zoom crypto hack uses a meeting invite that looks normal. Then it shifts to a file download that installs malware.


Security researcher Taylor Monahan said the method has already stolen more than $300 million. The warning circulated with material credited to SEAL Security Alliance.

North Korean Fake Zoom Scam. Source: Taylor Monahan via X

Fake Zoom Crypto Hack Starts With Telegram Account Takeover

The North Korean fake Zoom scam often begins on Telegram. Monahan said the first message can come from an account the target recognizes.

The chat then moves into a Zoom plan. Monahan said attackers push a link that looks real. She said the link is “usually masked to look real.”

“They’ll share a link before the call that is usually masked to look real,” Monahan said. She added that victims can see “the person + some of their partners colleagues” during the call.

Monahan also addressed claims about AI video.

“These videos are not deepfakes as widely reported,” she said. “They are real recordings from when they got hacked or public sources (podcasts).”

Zoom Malware Link Delivers Malware Through a “Patch” File

During the call, Monahan said attackers stage audio trouble. Then they send a “patch” file to fix the issue.

The Zoom malware link and the “patch” file sit at the center of the fake Zoom crypto hack. Monahan said opening the file infects the device.

After that, Monahan said attackers end the call and act calm. “Unfortunately, your computer is already compromised,” she said. “They just play it cool to prevent detection.”

Monahan said the malware supports crypto wallet theft, plus password theft and private key theft. She also said attackers go after “your Telegram account.”

Telegram Account Takeover Helps Expand the North Korean Fake Zoom Scam

Monahan said Telegram account takeover helps spread the North Korean fake Zoom scam.

She said attackers use compromised Telegram accounts to reach stored contacts. That access creates new leads for the same Zoom-based crypto phishing pattern.

Monahan described the effect on a victim’s network in direct terms. “Then you will go on to rekt all your friends,” she said, after describing Telegram account compromise.

“Lastly, if they hack your telegram, you need to TELL EVERYONE ASAP,” Monahan said. “You are about to hack your friends. Please put your pride aside and SCREAM about it.”

Taylor Monahan Lists Steps After a Zoom Malware Link Click

Monahan described what victims reported doing after clicking a Zoom malware link during the North Korean fake Zoom scam.

She said people should disconnect from WiFi and turn off the affected device. Then they should use another device to move funds, change passwords, and enable two-factor authentication where available.

She also described a “full memory wipe” before using the infected device again. She described Telegram account security steps too, including checking device sessions, terminating other sessions, and updating authentication controls.

Monahan called Telegram protection “critical” because attackers use Telegram account takeover to continue the fake Zoom crypto hack chain.



Tatevik Avetisyan
Editor at Kriptoworld

Tatevik Avetisyan is an editor at Kriptoworld who covers emerging crypto trends, blockchain innovation, and altcoin developments. She is passionate about breaking down complex stories for a global audience and making digital finance more accessible.

📅 Published: December 15, 2025 • 🕓 Last updated: December 15, 2025
