cyrpto attack, cofounder, Lazarus, Manta, network, phishing, targeted, Zoom Mark April 18, 2025 0 Comments

Manta Network co-founder targeted by Lazarus in Zoom phishing attack

The co-founder of Manta Network, Kenny Li, narrowly escaped a zoom phishing attack, suspected of being orchestrated by Lazarus.

In its April 17 x jobKenny Li said he was targeted by Lazarus at a zoom meeting. It started with known contact asking Li to discuss via Zoom. When Li went up on Zoom, the meeting looked legitimate, with the other part with their camera and their visible face. However, there was no audio on the call, and Li was invited to download a suspicious script file under the guise of a zoom update.

🚨 I have just been targeted by Lazarus.

A known contact on TG contacted me to request a conversation. Planned a zoom call. When I got on the zoom, he asked me for access to the camera that I found a little strange because I used the zoom several times.

Even crazier, team members had their …

– 🤓Kenny.Manta (@Superanonymousk) April 17, 2025

Significant that something was off, Li tried to check the participant’s identity by suggesting that they go to Google Meet or talk about Telegram. The imitator refused, then quickly deleted all the messages and blocked it.

Li later confirmed That the real person whose identity was used in the video call had his accounts compromised by Lazarus.

This is not the first time that Lazarus has used Zoom as a phishing vector. Nick Bax of the Security Alliance highlighted this scam in a March 11 x job. He explained that it usually starts with a few “VC” on the call, which claim to have audio problems and affirm that the victim cannot hear them. If the victim falls in love, they are directed to a new zoom room via a false link, where they invited to download a “corrective” to solve the audio / video problem. Bax noted that this method was used by threat groups to steal millions of dollars, and other pirates now reproduce these tactics.

Do you have audio problems on your zoom call? It is not a VC, they are North Korean pirates.

Fortunately, this founder achieved what was going on.

The call begins with some “VC” on the call. They send messages to the cat saying that they cannot hear your audio, or suggest that there is a … pic.twitter.com/znw8mtof4f

– Nick Bax.eth (@ bax1337) March 11, 2025

In the wire, several Crypto founders have shared experiences similar to Kenny Li from Mantwork Network (MANTA), telling how they have avoided the victim of these zoom phishing scams too closely.

Giulio Xiloyannis, co-founder of the blockchain games company my protocol, tell An attempted scam where the pirate pretended to be the head of the Story protocol (IP) to attract him as well as his marketing led to a false meeting. The deception became clear when he was suddenly invited to join a new zoom link that simulated audio problems to try to download it malware.

David Zhang, co-founder of the Stablecoin platform stable, also face to face A similar attack. Initially, the crooks joined its Google meeting call, but then made a reason to move on to a different meeting link. Zhang took the call on his tablet, which may have prevented the malware from working properly. He suspects that the phishing attempt was designed to identify the user operating system and adapt accordingly, but the configuration has not been optimized for mobile devices.

Melbin Thomas, founder of Devdock Ai, also be a victim At the Zoom scam but did not grasp its password during the false installation process. Then it is offline and made a factory reset. However, he still doesn’t know if the files are safe because he has transferred them to a hard drive that has not been reconnected from his system.

The same has happened to me. But I did not give my password while the installation occurred.
Disconnect my laptop and I reset the factory settings. But transferred my files to a hard drive. I didn’t connect the hard drive to my laptop. Is he still infected? @_Seal_org

– Melbin (melbin.eth) (@ melbint04) March 12, 2025

This increase in attacks follows a joint warning of the United States, Japan and South Korea in January on the growing threat of Lazarus group targeting the cryptographic industry. The Lazare group, known for its involvement in high-level cyber-vols such as the Go through And Ronin Network Hacks is suspected of being behind these attacks.