North Korean Hackers Target Crypto With Mac Malware ‘NimDoor’

Summary

North Korean hackers are deploying new malware strains targeting Apple devices in a campaign against cryptocurrency companies. The attackers impersonate trusted contacts on messaging apps, request fake Zoom meetings, and send malicious update files. The malware, named "NimDoor," specifically targets Mac computers, compromising crypto wallets and browser passwords. This shift challenges the belief that Macs are less vulnerable to attacks. The malware is written in Nim, a programming language that allows for cross-platform functionality and makes the malware difficult for security software to detect. The payload includes a credential-stealer that extracts browser and system information and targets Telegram's encrypted database. The malware activates after a ten-minute delay to evade detection. Similar intrusions have been linked to the North Korean group "BlueNoroff," which has developed sophisticated techniques to bypass Apple’s security measures. Recent reports indicate an increase in macOS targeting by state-sponsored attackers, dispelling the myth that Macs are immune to viruses.
