North Korean hackers deepfake execs in Zoom call to spread Mac malware

North Korea’s notorious hacking group BlueNoroff (also known as Sapphire Sleet or TA444) has launched a cunning cyberattack targeting macOS users via Zoom. In a recent incident (June 11, 2025), they used Telegram to invite an employee to a fake Zoom meeting, impersonating company executives through deepfake video streams. During the call, participants feigned microphone issues and prompted the victim to install a “Zoom extension,” which was in fact a malicious AppleScript. This script downloaded and executed a Mac malware payload that included backdoors, keyloggers, screen recorders, and crypto-theft tools. The campaign demonstrates BlueNoroff’s increasing sophistication, blending AI-powered social engineering with custom macOS malware to steal credentials, monitor activity, and target cryptocurrency assets.

View the original full article here: https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/
