North Korean Hackers Use New Mac Malware NimDoor to Target Cryptocurrency Project

BlockBeats News, July 3rd. According to a report released on Wednesday by the cybersecurity company Sentinel Labs, North Korean hackers are using a new type of malware targeting Apple devices to attack cryptocurrency companies. The hackers impersonate trusted individuals on instant messaging applications like Telegram, sending fake Zoom update files that actually install malicious software named "NimDoor."

This malware is written in the rare Nim programming language, which can bypass Apple's memory protection mechanism and deploy an information-stealing program specifically targeting cryptocurrency wallets and browser passwords. Nim language, known for its ability to run unmodified on Windows, Mac, and Linux, along with its fast compilation speed and difficulty of detection, is becoming the new favorite of cybercriminals.

The malware also includes a script to steal the Telegram encrypted local database and decryption key, and it waits for 10 minutes before activation to evade security scans.