North Korean Hackers Launch Sophisticated Cyberattacks on Apple Devices
Cybersecurity firm Sentinel Labs reports that North Korean-aligned hackers are targeting cryptocurrency companies with a novel malware family, NimDoor, delivered through fake Zoom updates.
The campaign relies on social engineering: the attackers impersonate a trusted contact on messaging apps such as Telegram, then lure the victim with a fake Zoom meeting invitation sent via a Google Meet link. They then send a fraudulent Zoom update made to look as if it had been downloaded from Zoom.
NimDoor Targets Mac Computers
When the victim runs the fake update, the NimDoor payload installs on the Mac. The lure works by exploiting the victim's trust in a known contact and lack of technical suspicion, not a flaw in the update mechanism itself. Its targets: cryptocurrency wallets and login credentials stored in the browser.
“…the use of Nim compiled binaries on macOS is a more unusual choice” — Sentinel Labs Researchers
Contrary to the long-held assumption that Macs are inherently safer, several recent campaigns show sophisticated malware being deployed on macOS.
NimDoor is notable for how it is built. It is written in Nim, a newer and less common language increasingly favored by threat actors because it compiles to C and produces self-contained native executables, so the same code can be built for Windows, macOS and Linux. Because few analysts and antivirus signatures are tuned to Nim's runtime, its binaries are also harder to recognise and analyse than those written in more familiar languages.
“Although early-stage attacks adhere to familiar DPRK tactics concerning social engineering, lures, and fake updates, Nim’s use on macOS stands out.” — Sentinel Labs Researchers
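A simple triage check a defender could run on a suspicious Mac binary, added here as an illustration and not code from Sentinel Labs or the page: it confirms the file has a Mach-O header and then looks for strings that Nim's default toolchain leaves in compiled binaries (runtime symbol names such as `NimMain` and `nimFrame`, and `.nim` source paths kept for stack traces). The marker list, the scoring threshold and the two embedded byte strings are assumptions made for the example; a release build can strip some of these strings, so a low score is inconclusive rather than proof the file is clean.

```python
import re
from dataclasses import dataclass, field

# Mach-O / fat header magics (first four bytes of the file).
MACHO_MAGICS = {
    b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64, little-endian (x86_64 / arm64)
    b"\xfe\xed\xfa\xcf",  # MH_CIGAM_64
    b"\xce\xfa\xed\xfe",  # MH_MAGIC (32-bit)
    b"\xfe\xed\xfa\xce",  # MH_CIGAM
    b"\xca\xfe\xba\xbe",  # FAT_MAGIC (universal binary)
}

# Runtime symbols and messages that Nim's default toolchain leaves in compiled
# binaries (Nim compiles to C and links its own runtime statically). This list
# is an assumption for the example, not an official indicator set.
NIM_MARKERS = (
    b"NimMain",
    b"NimMainModule",
    b"nimFrame",
    b"popFrame",
    b"nim_program_result",
    b"nimGC_setStackBottom",
    b"Traceback (most recent call last)",  # Nim's unhandled-exception banner
)
NIM_SOURCE_RE = re.compile(rb"[A-Za-z0-9_/]+\.nim\b")   # e.g. system/fatal.nim
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{6,}")          # crude `strings` clone


@dataclass
class Verdict:
    is_macho: bool
    markers: list = field(default_factory=list)
    nim_sources: list = field(default_factory=list)

    @property
    def score(self) -> int:
        # One point per runtime marker, up to three for .nim source paths.
        return len(self.markers) + min(len(self.nim_sources), 3)

    @property
    def likely_nim(self) -> bool:
        # Threshold chosen for the example; tune it against your own corpus.
        return self.score >= 2


def triage(data: bytes) -> Verdict:
    """Score a file's bytes for Nim-compiled-binary indicators."""
    v = Verdict(is_macho=data[:4] in MACHO_MAGICS)
    blob = b"\n".join(PRINTABLE_RE.findall(data))
    v.markers = [m.decode() for m in NIM_MARKERS if m in blob]
    v.nim_sources = sorted({s.decode() for s in NIM_SOURCE_RE.findall(blob)})
    return v


def triage_file(path: str) -> Verdict:
    with open(path, "rb") as f:
        return triage(f.read())


# Constructed sample: a fake 64-bit Mach-O header followed by strings a
# Nim-compiled binary typically carries. Not a real NimDoor artefact.
SAMPLE_NIM = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 28
    + b"\x00NimMain\x00NimMainModule\x00nimFrame\x00popFrame\x00"
    + b"/opt/nim/lib/system/fatal.nim\x00lib/system.nim\x00"
    + b"nim_program_result\x00"
)
# Constructed control: a Mach-O header with ordinary C-runtime strings only.
SAMPLE_CLEAN = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 28
    + b"\x00__mh_execute_header\x00_printf\x00_malloc\x00"
    + b"/usr/lib/libSystem.B.dylib\x00"
)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        v = triage_file(path)
        print(path, "mach-o" if v.is_macho else "not-mach-o",
              "nim-likely" if v.likely_nim else "-", v.markers, v.nim_sources)
```

Run it as `python3 nimtriage.py /path/to/suspicious/binary`; on the constructed `SAMPLE_NIM` bytes it reports five runtime markers and two source paths, while the control sample scores zero. Pair the string heuristic with code-signing and notarization checks (`codesign -dv`, `spctl --assess`) rather than relying on it alone.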
The payload carries a credential-stealing module that silently harvests browser data and system information and packages them for transmission back to the attackers. It specifically targets Telegram's encrypted local database and the keys needed to decrypt it. It also waits ten minutes after infection before activating, a delay that can let it outlast the execution window of an automated sandbox or security scanner.
Macs Get Viruses, Too
Cybersecurity provider Huntress linked similar intrusion attempts to the North Korean state-sponsored group "BlueNoroff," using malware capable of bypassing macOS memory protections.
Blockchain security firm SlowMist also recently issued an alert about a large campaign of fake Firefox extensions designed to steal cryptocurrency credentials.
“Over the last few years, macOS has become a larger target for threat actors, especially state-sponsored attackers.” — Sentinel Labs Researchers
This threat landscape marks a real shift and dispels the outdated belief that the Macintosh platform is not a serious target.