North Korean hackers target crypto companies via Mac devices
North Korean -backed hacker groups have developed a new malware that targets Mac users and can overcome Apple's security systems. The software “Nimdoor çalış aims to play crypto wallet information and browser passwords.
New threat with Nimdoor: attack on crypto companies via Mac
Cyber Security Company Sentinel Labs announced that North Korean hackers have launched a new malware campaign targeting Mac users. The attackers invite the victim to the Zoom meeting with a fake Google Meet connection, acting like a reliable person in messaging applications such as Telegram. Then, a so -called “zoom update” is sent.
🖥️ MacOS is now on the target: How does Nimdoor work work?
When the fake update file sent is run, the malware called “Nimdoor” is installed on a Mac computer. This software:
It targets crypto wallets.
Browser steals the passwords and system information.
Telegram’s encrypted database and keys.
Waiting for 10 minutes before being active and survives the security software.
According to Sentinel Labs, this Malware was written with an unusual programming language called Nim and difficult to detect.
🧬 Why Nim Language?
Nim language begins to become popular among cyber criminals:
Windows can work with the same code on Mac and Linux.
It is compiled quickly, creates an independent file.
It is difficult to attach security software to the radar.
Previously, experimented with GO and Rust, but the Nim is more flexible and the platform is independent.
💼 Information Playing Module: Cryptobot
Cryptobot, which is included in the malicious software package, works as a “infostealer .. Features:
Keyboard tracking (keylogger)
Screen recording
Receiving information copied to the board
Targets browser plug -ins and especially crypto wallet plug -ins.
In June, another cyber security firm Huntress confirmed that a similar attack was carried out by the Hacker group of North Korea -related Bluenoroff.
🧪 New threat with Firefox add -ons
This week, Blockchain security company Slowmist announced that dozens of fake Firefox plugins are designed to steal users’ crypto wallet information. This shows that the attack campaign is much larger.
📌 Expert Warning: The legend of “Macs don’t take viruses” ends
“In recent years, especially state -supported developed attackers have started to target MacOS more.”
- Sentinel Labs
These attacks exceed Apple’s memory protection systems and develop new generation cyber threats that develop quietly working software on Mac devices.
