North Korean Hackers Use NimDoor macOS Malware to Target Web3, Crypto Platforms

By News Room | 3 July 2025 | 2 Mins Read

North Korean hackers are using a special type of malware known as NimDoor to target macOS computers used at Web3 and crypto firms, according to details shared by a cybersecurity research firm. The threat actors are reportedly using bash scripts to collect and transfer sensitive information, such as browser data, iCloud Keychain credentials, and Telegram user data. The attacks rely on social engineering (via a chat platform) and malicious scripts or updates, like others linked to the Democratic People’s Republic of Korea (DPRK).

NimDoor Maintains Access After Malware Termination or System Reboot

Analysis of the NimDoor malware by Sentinel Labs shows that DPRK-linked threat actors are relying on a combination of malicious binaries and scripts that are written in three languages: C++, Nim, and AppleScript. These Nim-compiled binaries are reportedly being used to target Mac computers used in crypto and Web3 firms.

Victims are contacted via messaging apps like Telegram, and the hackers use social engineering to convince a person to join a call using a scheduling service like Calendly. In order to infect the victim’s system, the threat actor sends an email with a malicious “Zoom SDK update” script that installs the malware silently, while allowing it to communicate with a command and control (C2) server.

Once the malware is installed on the target’s Mac computer, the hackers execute bash (terminal) scripts to access and exfiltrate data from browsers like Google Chrome, Microsoft Edge, Arc, Brave, and Firefox. It can also steal iCloud Keychain credentials and Telegram user data from the target’s device.

The cybersecurity research firm also noted that the NimDoor malware features a “signal-based persistence mechanism” (using SIGINT/SIGTERM handlers) to reinstall itself and continue operating on a target device, even if the malicious process is terminated or the system is rebooted.
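For defenders, signal-based persistence suggests a correlation rule: flag any process that writes a launchd plist shortly after receiving SIGINT or SIGTERM. The sketch below is an added example, not code from Sentinel Labs or this article; the event schema, the sample events, and the choice of LaunchAgents/LaunchDaemons as the watched persistence locations are assumptions (the article does not name where NimDoor reinstalls itself).

```python
from pathlib import PurePosixPath

# Standard macOS launchd persistence directories (assumed watch list).
PERSISTENCE_DIRS = ("Library/LaunchAgents", "Library/LaunchDaemons")
TERMINATION_SIGNALS = {"SIGINT", "SIGTERM"}


def is_persistence_path(path):
    """True if path is a .plist placed directly in a launchd directory."""
    p = PurePosixPath(path)
    return p.suffix == ".plist" and p.parent.as_posix().endswith(PERSISTENCE_DIRS)


def find_signal_triggered_persistence(events, window=5.0):
    """Return (pid, signal, path) for launchd plist writes a process makes
    within `window` seconds after it received SIGINT or SIGTERM."""
    last_signal = {}  # pid -> (timestamp, signal name)
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "signal" and ev["signal"] in TERMINATION_SIGNALS:
            last_signal[ev["pid"]] = (ev["ts"], ev["signal"])
        elif ev["type"] == "file_write" and ev["pid"] in last_signal:
            ts, sig = last_signal[ev["pid"]]
            if ev["ts"] - ts <= window and is_persistence_path(ev["path"]):
                hits.append((ev["pid"], sig, ev["path"]))
    return hits


# Constructed telemetry in a hypothetical endpoint-sensor schema.
SAMPLE_EVENTS = [
    # Ordinary installer writing a LaunchAgent, no signal involved.
    {"ts": 100.0, "type": "file_write", "pid": 410,
     "path": "/Users/alice/Library/LaunchAgents/com.example.updater.plist"},
    # Process is told to terminate and immediately drops a LaunchAgent.
    {"ts": 200.0, "type": "signal", "pid": 733, "signal": "SIGTERM"},
    {"ts": 200.4, "type": "file_write", "pid": 733,
     "path": "/Users/alice/Library/LaunchAgents/com.example.agent.plist"},
    # Benign save-on-exit to a non-persistence path.
    {"ts": 300.0, "type": "signal", "pid": 812, "signal": "SIGTERM"},
    {"ts": 300.2, "type": "file_write", "pid": 812,
     "path": "/Users/alice/Documents/draft.txt"},
    # Plist write long after the signal, outside the default window.
    {"ts": 400.0, "type": "signal", "pid": 900, "signal": "SIGINT"},
    {"ts": 460.0, "type": "file_write", "pid": 900,
     "path": "/Library/LaunchDaemons/com.example.late.plist"},
]

if __name__ == "__main__":
    for pid, sig, path in find_signal_triggered_persistence(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} wrote {path} after {sig}")
```
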

You can read more about the NimDoor malware used to target Web3 and crypto firms on Sentinel Labs’ website, which includes detailed explanations of how the North Korean hackers used novel techniques to gain persistent access to victims’ computers.

The firm also warns that threat actors are increasingly using less popular programming languages to target victims. This is because they are less familiar to analysts and offer some technical benefits over more widely used languages, while making the malware difficult to detect and block using existing security measures.
