North Korean Hackers Use NimDoor macOS Malware to Target Web3, Crypto Platforms

News Room
Last updated: 3 July 2025 08:23

North Korean hackers are using a special type of malware known as NimDoor to target macOS computers used at Web3 and crypto firms, according to details shared by a cybersecurity research firm. The threat actors are reportedly using bash scripts to collect and transfer sensitive information, such as browser data, iCloud Keychain credentials, and Telegram user data. The attacks rely on social engineering (via a chat platform) and malicious scripts or updates, like others linked to the Democratic People’s Republic of Korea (DPRK).

NimDoor Maintains Access After Malware Termination or System Reboot

Analysis of the NimDoor malware by Sentinel Labs shows that DPRK-linked threat actors are relying on a combination of malicious binaries and scripts that are written in three languages: C++, Nim, and AppleScript. These Nim-compiled binaries are reportedly being used to target Mac computers used in crypto and Web3 firms.

Victims are contacted via messaging apps like Telegram, and the hackers use social engineering to convince a person to join a call using a scheduling service like Calendly. In order to infect the victim’s system, the threat actor sends an email with a malicious “Zoom SDK update” script that installs the malware silently, while allowing it to communicate with a command and control (C2) server.

Once the malware is installed on the target’s Mac computer, the hackers execute bash (terminal) scripts to access and exfiltrate data from browsers like Google Chrome, Microsoft Edge, Arc, Brave, and Firefox. It can also steal iCloud Keychain credentials and Telegram user data from the target’s device.

The cybersecurity research firm also noted that the NimDoor malware features a “signal-based persistence mechanism” (using SIGINT/SIGTERM handlers) to reinstall itself and continue operating on a target device, even if the malicious process is terminated, or the system is rebooted.
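For defenders, the behaviour described above suggests a correlation rule: a process that is sent SIGINT or SIGTERM and then writes a launch item moments later. The sketch below is an added example, not code from Sentinel Labs or from this article; the event schema, sample events, process IDs, file names and 5-second window are constructed, and the launch-item directories are the standard macOS locations, assumed here because the article does not name the paths NimDoor uses.

```python
from datetime import datetime, timedelta

# Standard macOS launch-item locations (assumption: the article names no paths).
PERSISTENCE_DIRS = ("/Library/LaunchAgents/", "/Library/LaunchDaemons/")
TERMINATION_SIGNALS = {"SIGINT", "SIGTERM"}
WINDOW = timedelta(seconds=5)  # hypothetical correlation window

# Constructed endpoint telemetry in a hypothetical schema.
EVENTS = [
    {"ts": "2025-07-03T08:00:00", "pid": 411, "type": "signal", "signal": "SIGTERM"},
    {"ts": "2025-07-03T08:00:01", "pid": 411, "type": "file_write",
     "path": "/Users/alice/Library/LaunchAgents/com.example.updater.plist"},
    {"ts": "2025-07-03T08:01:00", "pid": 502, "type": "signal", "signal": "SIGTERM"},
    {"ts": "2025-07-03T08:01:01", "pid": 502, "type": "file_write",
     "path": "/Users/alice/Library/Caches/app/state.db"},
    {"ts": "2025-07-03T08:02:00", "pid": 733, "type": "file_write",
     "path": "/Library/LaunchDaemons/com.example.helper.plist"},
    {"ts": "2025-07-03T08:03:00", "pid": 810, "type": "signal", "signal": "SIGINT"},
    {"ts": "2025-07-03T08:03:30", "pid": 810, "type": "file_write",
     "path": "/Users/alice/Library/LaunchAgents/com.example.late.plist"},
]


def find_signal_triggered_persistence(events, window=WINDOW):
    """Flag launch-item writes made by a process shortly after it was
    sent a termination signal (the pattern a reinstalling handler leaves)."""
    last_signal = {}  # pid -> (time, signal name)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "signal" and ev.get("signal") in TERMINATION_SIGNALS:
            last_signal[ev["pid"]] = (ts, ev["signal"])
        elif ev["type"] == "file_write":
            path = ev.get("path", "")
            hit = last_signal.get(ev["pid"])
            in_launch_dir = any(d in path for d in PERSISTENCE_DIRS)
            if hit and in_launch_dir and ts - hit[0] <= window:
                alerts.append({"pid": ev["pid"], "signal": hit[1], "path": path,
                               "delay_s": (ts - hit[0]).total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in find_signal_triggered_persistence(EVENTS):
        print(alert)
```

Launch-item writes with no preceding signal (pid 733) are deliberately left to a separate, broader rule; this one isolates the termination-then-reinstall sequence.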

You can read more about the NimDoor malware used to target Web3 and crypto firms on Sentinel Labs’ website, which includes detailed explanations of how the North Korean hackers used novel techniques to gain persistent access to victims’ computers.

The firm also warns that threat actors are increasingly using less popular programming languages to target victims. This is because they are less familiar to analysts and offer some technical benefits over more widely used languages, while making the malware difficult to detect and block using existing security measures.
