North Korean Hackers Are Attacking Macs In Alarming Deepfake Zoom Calls
Here is what's happening, and it is worth reading even if you are a Windows user (hacking gangs attack macOS and Windows with almost the same tactics). It all starts with a Telegram message sent by hackers to tech company employees. In this message, the hackers pretend to be external professionals seeking a meeting with the firm. The attackers then send a message containing a deceptive link that eventually leads to a fake Zoom domain under their control.

After examining the victims' MacBooks, security researchers discovered eight distinct malicious binaries. These included a crypto info stealer designed to compromise 20 crypto platforms, a persistence implant designed to let bad actors execute malicious code while remaining undetected, and a surveillance program designed to take intermittent screenshots and exfiltrate keystroke data.
These attacks have been traced to the North Korean BlueNoroff gang, a group of hackers notorious for compromising Mac and Windows operating systems with the primary goal of stealing victims' digital assets. This latest attack by the gang was discovered by Huntress Security researchers on the 11th of June, 2025. If you are a MacBook user, you must be prepared to detect and avoid social engineering traps. Make sure to avoid clicking links or downloading dangerous files that could ultimately compromise your MacBook. You may also consider shielding your macOS with a security solution.