Taylor Monahan (MetaMask security researcher) recently reported a new social engineering campaign by the Lazarus Group targeting crypto users through Telegram.
According to her findings, attackers impersonate business contacts and invite victims to fake “interviews” or “partnership meetings.”
How the attack works:
- Initial contact: Victims are approached on Telegram with professional-looking messages about collaborations or job interviews.
- Fake meeting link: They are sent a counterfeit Zoom or meeting link that requests installation of a “codec” or “plugin.”
- Malware infection: Once installed, the malware gains access to browser extensions, including wallet extensions, and can extract private keys or seed phrases.
Monahan noted that even experienced users have fallen victim because the social engineering is highly polished and convincing.
This attack highlights once again that:
- No legitimate meeting software should require additional “codecs” from unofficial sources.
- Wallets stored in browsers remain a high-risk target.
- Hardware wallets and strict download verification are critical for security.
Users should avoid installing any software received through private messages and verify all meeting links through official websites.
Has anyone here encountered similar Telegram-based attacks recently?
It would be useful to collect examples and prevention tips for the community.
Source:
The Blockspace Pod: How North Korean Hackers Stole $300M+ Via Telegram w/ Taylor Monahan
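
One way to make the "verify all meeting links" advice mechanical is a strict host check before a link is ever opened. This is an added example, not code from the post or from Monahan's research; the allowlist of vendor domains and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: replace with the meeting vendors you actually use.
OFFICIAL_MEETING_DOMAINS = ("zoom.us", "zoom.com", "meet.google.com",
                            "teams.microsoft.com")


def check_meeting_link(url):
    """Return (ok, reason) for a meeting link received in a private message."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # In "https://zoom.us@other.example/", the real host is other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    host = host.rstrip(".").lower()
    # Reject homoglyph hosts, whether raw Unicode or punycode-encoded.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "non-ASCII or punycode host"
    # Match the registered domain itself or a true subdomain, never a
    # substring: "zoom.us.join.example" and "notzoom.us" must both fail.
    for domain in OFFICIAL_MEETING_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host is not an official meeting domain"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    samples = [
        "https://us02web.zoom.us/j/1234567890",
        "https://zoom.us.meeting-join.example/j/1234567890",
        "https://zoom.us@meeting-join.example/j/1234567890",
        "https://notzoom.us/j/1234567890",
        "https://z\u043e\u043em.us/j/1234567890",  # Cyrillic "o" characters
        "http://zoom.us/j/1234567890",
    ]
    for link in samples:
        ok, reason = check_meeting_link(link)
        print(("ALLOW " if ok else "BLOCK ") + ascii(link) + " -> " + reason)
```

A passing result only says the host belongs to a listed vendor; a page on any host that asks for a "codec" or "plugin" install is still the warning sign described above.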