Overview
- Security Alliance (SEAL) reports multiple daily attempts using this tactic across the crypto sector.
- Victims are funneled through Calendly links into Zoom or Teams sessions that play pre-recorded video to mimic live participants.
- During the call, targets are prompted to install a supposed fix that deploys a Remote Access Trojan granting full device control.
- Compromises lead to theft of passwords, private keys and session tokens, enabling wallet draining and further account takeovers.
- Researchers frame the scheme as part of a broader North Korea-linked push against crypto, with industry estimates putting total annual losses near $2 billion.