North Korean Hackers Use NimDoor macOS Malware to Target Web3, Crypto Platforms


North Korean hackers are using a special type of malware known as NimDoor to target macOS computers used at Web3 and crypto firms, according to details shared by a cybersecurity research firm. The threat actors are reportedly using bash scripts to collect and transfer sensitive information, such as browser data, iCloud Keychain credentials, and Telegram user data. The attacks rely on social engineering (via a chat platform) and malicious scripts or updates, like others linked to the Democratic People’s Republic of Korea (DPRK).

NimDoor Maintains Access After Malware Termination or System Reboot

Analysis of the NimDoor malware by Sentinel Labs shows that DPRK-linked threat actors are relying on a combination of malicious binaries and scripts that are written in three languages: C++, Nim, and AppleScript. These Nim-compiled binaries are reportedly being used to target Mac computers used in crypto and Web3 firms.

Victims are contacted via messaging apps like Telegram, and the hackers use social engineering to convince a person to join a call using a scheduling service like Calendly. In order to infect the victim’s system, the threat actor sends an email with a malicious “Zoom SDK update” script that installs the malware silently, while allowing it to communicate with a command and control (C2) server.

Once the malware is installed on the target’s Mac computer, the hackers execute bash (terminal) scripts to access and exfiltrate data from browsers like Google Chrome, Microsoft Edge, Arc, Brave, and Firefox. It can also steal iCloud Keychain credentials and Telegram user data from the target’s device.

The cybersecurity research firm also noted that the NimDoor malware features a “signal-based persistence mechanism” (using SIGINT/SIGTERM handlers) to reinstall itself and continue operating on a target device, even if the malicious process is terminated or the system is rebooted.

You can read more about the NimDoor malware used to target Web3 and crypto firms on Sentinel Labs’ website, which includes detailed explanations of how the North Korean hackers used novel techniques to gain persistent access to victims’ computers.

The firm also warns that threat actors are increasingly using less popular programming languages to target victims. This is because they are less familiar to analysts and offer some technical benefits over more widely used languages, while making the malware difficult to detect and block using existing security measures.
