Deepfake Phishing Attacks Target Bitcoin Users via Zoom/

Cryptocurrency holders are now the target of a dangerous new phishing campaign. Attackers are leveraging artificial intelligence to generate convincing deepfake versions of trusted contacts, deceiving victims during video calls.

The attack spreads through Telegram and relies on Zoom or Microsoft Teams to deliver convincing deepfake videos that trick victims into installing harmful software.

This method combines social engineering with advanced AI technology to steal Bitcoin, credentials, and Telegram accounts from unsuspecting users.

The attack begins when victims receive a video call invitation through Telegram, appearing to come from someone they know and trust.

When the call connects, the victim sees what looks like their contact on video, but the image is actually an AI-generated deepfake. The attackers use this false sense of security to manipulate victims into taking dangerous actions that compromise their systems.

During the call, attackers claim they are experiencing audio problems and cannot hear properly. They then instruct the victim to download and install what they describe as an audio plugin or update to fix the issue.

Bitcoin News analysts identified this as the critical moment when the attack succeeds. Once installed, this malicious software gives attackers complete control over the victim’s computer, allowing them to steal cryptocurrency wallets, login credentials, and hijack Telegram accounts.

The campaign has already affected members of the Bitcoin community, with Bitcoin treasury strategist Ed Juline nearly falling victim to an attack that impersonated Martin Kuchař, co-founder of BTC Prague.

Despite being aware of similar threats and recognizing familiar faces on video, Juline was almost fooled by the fake audio update prompt. He avoided compromise only after receiving an urgent warning to disconnect his computer immediately.

Attack Chain and Social Engineering Tactics

The success of this attack relies on exploiting human trust rather than technical vulnerabilities.

Attackers use compromised Telegram accounts to reach new victims, making the initial contact appear legitimate since it comes from a known connection.

The deepfake technology creates a visual confirmation that reinforces trust, making victims less suspicious when asked to install software.

The urgency created by fake audio problems pushes victims to act quickly without thinking through the potential risks.

Once a system is compromised, attackers use the stolen Telegram account to continue spreading the attack to more victims, creating a self-perpetuating cycle that expands the campaign’s reach throughout the cryptocurrency community.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.