Key Takeaways
- Manta Network co-founder Kenny Li narrowly escaped a phishing attack from the Lazarus Group.
- The phishing attempt was disguised as a Zoom call asking for a script download.
- Despite the close call, Li quickly identified the scam and avoided a major breach.
Manta Network co-founder Kenny Li recently had a close call when the notorious Lazarus Group targeted him with a phishing attempt.
Li shared the details of the harrowing experience in an X post on Friday, explaining how he narrowly avoided falling into the trap.
Manta Network Co-Founder Dodges Lazarus Group
Li shared that it all started when a contact on Telegram invited him to a Zoom call. When he joined, however, things took an unsettling turn.
The Zoom interface asked him for camera access, which immediately raised suspicions.
The call then prompted him to download a script file to update his Zoom app, even though everything appeared normal—he could see the person’s face, and the team’s cameras were on. But there was one problem: he couldn’t hear anyone.
“The team members had their cameras on. I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file,” Li recalled.
That’s when he realized he was being targeted. He quickly left the call and reached out to the contact on Telegram, only to find they had erased all messages and blocked him.
The malicious link he clicked had opened Zoom on Google Chrome, and soon after, a pop-up warned that his Zoom was outdated and needed updating.
Li explained that he’d been warned about the Lazarus Group’s tactics, noting that the group’s M.O. often revolves around tricking people into downloading and opening malicious files.
Evolving Tactics
While Li managed to avoid falling for the scam, he couldn’t help but wonder how the hackers were able to show a legitimate company employee on the Zoom call.
Some speculated the hackers used screen recordings from previous calls, while others suggested deepfake technology might have been at play.
The Lazarus Group has a long history of using social engineering and cutting-edge tech to breach systems.
Earlier this year, they made waves with the Bybit hack, targeting the exchange’s custody partner to gain access rather than going after Bybit directly. A similar tactic was used in last year’s $235 million WazirX hack.
Despite growing awareness and law enforcement crackdowns, the Lazarus Group continues to target crypto exchanges and individuals, making their operations more sophisticated with each attack.
Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.
His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.
Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.
