Close Menu
Best in TechnologyBest in Technology
  • News
  • Phones
  • Laptops
  • Gadgets
  • Gaming
  • AI
  • Tips
  • More
    • Web Stories
    • Global
    • Press Release

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

What's On

Tecno Spark 40 Pro+ With MediaTek Helio G200 SoC Launched Alongside Spark 40 Pro and Spark 40

3 July 2025

Google Pixel 6a to Get Mandatory Android 16 Update to Fix Battery Overheating Issues

3 July 2025

The Promise and Peril of Digital Security in the Age of Dictatorship

3 July 2025
Facebook X (Twitter) Instagram
Just In
  • Tecno Spark 40 Pro+ With MediaTek Helio G200 SoC Launched Alongside Spark 40 Pro and Spark 40
  • Google Pixel 6a to Get Mandatory Android 16 Update to Fix Battery Overheating Issues
  • The Promise and Peril of Digital Security in the Age of Dictatorship
  • Oppo Reno 14 Pro 5G Launched in India With MediaTek Dimensity 8450 SoC Alongside Reno 14 5G
  • Infinix Hot 60 5G+ Leaked Images Show Off New Side Button, Triple Rear Cameras
  • North Korean Hackers Use NimDoor macOS Malware to Target Web3, Crypto Platforms
  • A Trans Pilot Was Falsely Blamed for a Plane Crash. Now She’s Fighting the Right-Wing Disinfo Machine
  • Business Class Ain’t What It Used to Be. Don’t Tell First Class
Facebook X (Twitter) Instagram Pinterest Vimeo
Best in TechnologyBest in Technology
  • News
  • Phones
  • Laptops
  • Gadgets
  • Gaming
  • AI
  • Tips
  • More
    • Web Stories
    • Global
    • Press Release
Subscribe
Best in TechnologyBest in Technology
Home » North Korean Hackers Use NimDoor macOS Malware to Target Web3, Crypto Platforms
Laptops

North Korean Hackers Use NimDoor macOS Malware to Target Web3, Crypto Platforms

News RoomBy News Room3 July 20252 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email

North Korean hackers are using a special type of malware known as NimDoor to target macOS computers used at Web3 and crypto firms, according to details shared by a cybersecurity research firm. The threat actors are reportedly using bash scripts to collect and transfer sensitive information, such as browser data, iCloud Keychain credentials, and Telegram user data. The attacks rely on social engineering (via a chat platform) and malicious scripts or updates, like others linked to the Democratic People’s Republic of Korea (DPRK).

NimDoor Maintains Access After Malware Termination or System Reboot

Analysis of the NimDoor malware by Sentinel Labs shows that DPRK-linked threat actors are relying on a combination of malicious binaries and scripts that are written in three languages: C++, Nim, and AppleScript. These Nim-compiled binaries are reportedly being used to target Mac computers used in crypto and Web3 firms.

Victims are contacted via messaging apps like Telegram, and the hackers use social engineering to convince a person to join a call using a scheduling service like Calendly. In order to infect the victim’s system, the threat actor sends an email with a malicious “Zoom SDK update” script that installs the malware silently, while allowing it to communicate with a command and control (C2) server.

Once the malware is installed on the target’s Mac computer, the hackers execute bash (terminal) scripts to access and exfiltrate data from browsers like Google Chrome, Microsoft Edge, Arc, Brave, and Firefox. It can also steal iCloud Keychain credentials and Telegram user data from the target’s device.

The cybersecurity research firm also noted that the NimDoor malware feature a “signal-based persistence mechanism” (using SIGINT/SIGTERM handlers) to reinstall itself and continue operating on a target device, even if the malicious process it terminated, or the system is rebooted.

You can read more about the NimDoor malware used to target Web3 and crypto firms on Sentinel Labs’ website, which includes detailed explanations of how the North Korean hackers used novel techniques to gain persistent access to victims’ computers.

The firm also warns that threat actors are increasingly using less popular programming languages to target victims. This is because as they are less familiar to analysts and offer some technical benefits over more widely used languages, while making it difficult to detect and block using existing security measures. . 

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleA Trans Pilot Was Falsely Blamed for a Plane Crash. Now She’s Fighting the Right-Wing Disinfo Machine
Next Article Infinix Hot 60 5G+ Leaked Images Show Off New Side Button, Triple Rear Cameras

Related Articles

Laptops

Honor Magic V5 – Price in India, Specifications (2nd July 2025)

2 July 2025
Laptops

Alienware Area-51, Alienware Aurora Desktops With Latest Intel Core Ultra CPUs Launched in India

2 July 2025
Laptops

Red Magic Astra Price, Specifications, Features, Comparison

2 July 2025
Laptops

Apple to Launch a ‘More Affordable’ MacBook With a 13-inch Screen, A18 Pro SoC: Report

1 July 2025
Laptops

Infinix Hot 60i – Price in India, Specifications (28th June 2025)

28 June 2025
Laptops

Samsung Galaxy M36 5G – Price in India, Specifications (27th June 2025)

27 June 2025
Demo
Top Articles

ChatGPT o1 vs. o1-mini vs. 4o: Which should you use?

15 December 2024100 Views

Costco partners with Electric Era to bring back EV charging in the U.S.

28 October 202495 Views

Oppo Reno 14, Reno 14 Pro India Launch Timeline and Colourways Leaked

27 May 202581 Views

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Latest News
Laptops

North Korean Hackers Use NimDoor macOS Malware to Target Web3, Crypto Platforms

News Room3 July 2025
News

A Trans Pilot Was Falsely Blamed for a Plane Crash. Now She’s Fighting the Right-Wing Disinfo Machine

News Room3 July 2025
News

Business Class Ain’t What It Used to Be. Don’t Tell First Class

News Room3 July 2025
Most Popular

The Spectacular Burnout of a Solar Panel Salesman

13 January 2025124 Views

ChatGPT o1 vs. o1-mini vs. 4o: Which should you use?

15 December 2024100 Views

Costco partners with Electric Era to bring back EV charging in the U.S.

28 October 202495 Views
Our Picks

Oppo Reno 14 Pro 5G Launched in India With MediaTek Dimensity 8450 SoC Alongside Reno 14 5G

3 July 2025

Infinix Hot 60 5G+ Leaked Images Show Off New Side Button, Triple Rear Cameras

3 July 2025

North Korean Hackers Use NimDoor macOS Malware to Target Web3, Crypto Platforms

3 July 2025

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Facebook X (Twitter) Instagram Pinterest
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact Us
© 2025 Best in Technology. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.