June 25, 2025

Fact-checked by Angel Hristov

North Korean Hackers Use Fake Zoom to Break into Canadian Gaming Company

The breach began during what appeared to be a routine Zoom meeting between an employee of the gaming firm and an individual they believed to be a trusted associate.

A Canadian online gambling business fell victim to a complex cyber attack that used video conferencing software to install harmful programs and steal sensitive data. The attack, which happened on May 28, 2025, has been connected to BlueNoroff, a North Korean cybercrime group famous for major financial thefts.

Hackers Pose as Support Team in Elaborate Zoom Scam

The hack started during what seemed like a normal Zoom call between someone who worked at the gaming company and a person they thought was a business contact. However, the whole thing was a setup. The hackers pretended to be both the contact and Zoom’s help team using a website that looked a lot like the real Zoom website. They faked sound problems during the call, which led the victim to run what they thought was a “Zoom audio fix” program.

What seemed like a real update turned into a full-scale breach. The script was made to appear genuine while setting up malware behind the scenes. Once the installation finished, hackers had already gotten hold of the system login details and started draining data. The harmful code zeroed in on crypto wallets, browser profiles, and chat apps such as Telegram.

Field Effect, the cybersecurity company that investigated the case, said the hackers used clever methods to stay hidden. They deployed components disguised as system tasks and used macOS LaunchDaemons. The malware blended in with normal work patterns, making it hard to spot even for trained people.
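
A defender-side triage check for the LaunchDaemon disguise described above, as an added example (not Field Effect's code or data): it parses launchd job plists and flags traits common to jobs posing as system tasks. The heuristics, finding names, and sample plists are assumptions constructed for illustration.

```python
import plistlib
from pathlib import PurePosixPath

APPLE_DIR = "/System/Library/LaunchDaemons/"  # Apple's own jobs live here
USER_WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/")

def audit_daemon(plist_path, raw):
    """Return triage findings (heuristics, not verdicts) for one plist."""
    job = plistlib.loads(raw)
    label = job.get("Label", "")
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else "")
    findings = []
    # A third-party location claiming Apple's namespace deserves review.
    if label.startswith("com.apple.") and not plist_path.startswith(APPLE_DIR):
        findings.append("apple-label-outside-system-dir")
    # By convention the file is named <Label>.plist.
    if PurePosixPath(plist_path).stem != label:
        findings.append("filename-label-mismatch")
    # Root daemons should not execute from locations users can write to.
    if program.startswith(USER_WRITABLE):
        findings.append("program-in-user-writable-path")
    if any(p.startswith(".") for p in PurePosixPath(program).parts):
        findings.append("hidden-path-component")
    return findings

# Constructed sample plists (hypothetical names, not indicators from the incident).
SAMPLES = {
    "/Library/LaunchDaemons/com.example.vendor.updater.plist": plistlib.dumps({
        "Label": "com.example.vendor.updater",
        "ProgramArguments": ["/Library/PrivilegedHelperTools/com.example.vendor.updater"],
        "RunAtLoad": True,
    }),
    "/Library/LaunchDaemons/com.apple.example.fixd.plist": plistlib.dumps({
        "Label": "com.apple.example.helperd",
        "ProgramArguments": ["/Users/Shared/.cache/helperd", "--daemon"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }),
}

def audit_samples():
    return {path: audit_daemon(path, raw) for path, raw in SAMPLES.items()}

if __name__ == "__main__":
    for path, findings in audit_samples().items():
        print(path, "->", findings or "no findings")
```

On a Mac, the same function can be pointed at the bytes of each file under /Library/LaunchDaemons; any finding is a prompt for manual review rather than proof of compromise.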

BlueNoroff Hack Reveals Sophisticated Tactics Hidden in Everyday Software

An examination of the infection showed a multi-step attack. The attackers first fooled the victim into giving up their password. They then loaded extra malware, such as a data stealer and a remote control tool. These components communicated with outside servers using coded traffic and wiped out signs of their activity to dodge alarms.

Experts think this attack is part of a bigger plan that has been going on since at least March 2025. The scheme seems to be about money, which fits with BlueNoroff’s past of going after companies that deal with crypto and online money.

Security professionals caution that this event shows how cyber crooks are increasingly hiding their attacks in tools and platforms that users rely on. By taking advantage of normal work habits and pretending to be known contacts, attackers lower the odds of raising red flags.

In response to the rising danger, Field Effect has told organizations to boost security measures for online meetings and help interactions. Steps include limiting script running, checking support requests through official channels, and using tools to spot odd behavior on devices.

Silvia has dabbled in all sorts of writing – from content writing for social media to movie scripts. She has a Bachelor's in Screenwriting and experience in marketing and producing documentary films. With her background as a customer support agent within the gambling industry, she brings valuable insight to the Gambling News writers’ team.
