Key Takeaways
Manta Network co-founder Kenny Li recently had a close call when the notorious Lazarus Group targeted him with a phishing attempt.
Li shared the details of the harrowing experience in an X post on Friday, explaining how he narrowly avoided falling into the trap.
According to Li, it all started when a contact on Telegram invited him to a Zoom call. When he joined, however, things took an unsettling turn.
The Zoom interface asked him for camera access, which immediately raised suspicions.
The call then prompted him to download a script file to update his Zoom app, even though everything appeared normal—he could see the person’s face, and the team’s cameras were on. But there was one problem: he couldn’t hear anyone.
“The team members had their cameras on. I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file,” Li recalled.
That’s when he realized he was being targeted. He quickly left the call and reached out to the contact on Telegram, only to find they had erased all messages and blocked him.
The malicious link he clicked had opened Zoom on Google Chrome, and soon after, a pop-up warned that his Zoom was outdated and needed updating.
Li explained that he’d been warned about the Lazarus Group’s tactics, noting that the group’s M.O. often revolves around tricking people into downloading and opening malicious files.
While Li managed to avoid falling for the scam, he couldn’t help but wonder how the hackers were able to show a legitimate company employee on the Zoom call.
Some speculated the hackers used screen recordings from previous calls, while others suggested deepfake technology might have been at play.
The Lazarus Group has a long history of using social engineering and cutting-edge tech to breach systems.
Earlier this year, they made waves with the Bybit hack, targeting the exchange’s custody partner to gain access rather than going after Bybit directly. A similar tactic was used in last year’s $235 million WazirX hack.
Despite growing awareness and law enforcement crackdowns, the Lazarus Group continues to target crypto exchanges and individuals, and its operations grow more sophisticated with each attack.