North Korean Hackers Set Sights on macOS, Crypto Firms Beware!

Date: 2025-07-03 08:35:15 | By Edwin Tuttle

North Korean Hackers Unleash New NimDoor Malware, Targeting Crypto Firms via Apple Devices

Hold onto your digital wallets, folks! North Korean cybercriminals are ramping up their game with a slick new malware called "NimDoor," and they're gunning for crypto firms through your Apple devices!

Cybersecurity gurus at Sentinel Labs are sounding the alarm on this audacious attack, which uses some seriously cunning social engineering and stealthy persistence tactics to infiltrate macOS systems. These hackers aren't messing around!

NimDoor is written in Nim, a language still rare in malware, so its binaries look unfamiliar to traditional signature-based antivirus and slip past it with ease.

Here's how it goes down: these cyber crooks pose as trusted contacts on Telegram, tricking blockchain and Web3 firm employees into fake Zoom meetings. They dangle a phony Zoom SDK update in front of them, and once clicked, bam! The malware party starts.

The so-called update unleashes a multi-stage malware extravaganza on the victim's Mac. We're talking AppleScript beacons, Bash scripts to swipe your credentials, and binaries in Nim and C++ that keep the malware lurking and ready for remote commands.

These binaries? They're like the special ops of the malware world, executing precise tasks. There's one called CoreKitAgent that's especially cheeky – it kicks into action when you try to close it, sticking around even after a reboot!
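As an added defender-side example (not code from the article or from SentinelLabs), here is a small Python triage routine that checks a launchd agent plist for the traits the article attributes to CoreKitAgent: restarting when killed and surviving a reboot. It assumes persistence is via a LaunchAgent plist, which the article does not state, and both plist samples and the CoreKitAgent path are constructed.

```python
import plistlib

# Indicators taken from the article: AppleScript beacons run via osascript,
# the CoreKitAgent binary name, and the fake "Zoom SDK update" lure.
INDICATORS = ("osascript", "corekitagent", "zoom sdk update")


def triage_launch_agent(plist_bytes: bytes) -> dict:
    """Triage one launchd plist and return what a responder would look at:
    RunAtLoad (starts again after reboot), KeepAlive (launchd relaunches the
    program when it exits), and indicator tokens in the program path/args."""
    p = plistlib.loads(plist_bytes)
    args = p.get("ProgramArguments") or [p.get("Program", "")]
    joined = " ".join(str(a) for a in args).lower()
    matched = [tok for tok in INDICATORS if tok in joined]
    run_at_load = bool(p.get("RunAtLoad", False))
    keep_alive = bool(p.get("KeepAlive", False))
    return {
        "label": str(p.get("Label", "")),
        "run_at_load": run_at_load,
        "keep_alive": keep_alive,
        "matched": matched,
        # Escalate only when an indicator co-occurs with a persistence setting,
        # so ordinary vendor agents that merely use RunAtLoad are not flagged.
        "suspicious": bool(matched) and (run_at_load or keep_alive),
    }


# Constructed sample (hypothetical path): a plist shaped like the behaviour the
# article describes, an agent that relaunches when killed and survives reboot.
SUSPICIOUS_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.corekitagent</string>
  <key>ProgramArguments</key><array>
    <string>/Users/victim/Library/Application Support/CoreKitAgent</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

# Constructed benign sample: a vendor helper that only starts at login.
BENIGN_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.vendorhelper</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Vendor.app/Contents/MacOS/helper</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for sample in (SUSPICIOUS_SAMPLE, BENIGN_SAMPLE):
        print(triage_launch_agent(sample))
```

On a real Mac the same function can be run over every file in ~/Library/LaunchAgents and /Library/LaunchAgents to surface agents worth a closer look.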

And what's the prize these hackers are after? Your sweet, sweet cryptocurrencies! NimDoor goes straight for your browser-stored credentials and digital wallet data.

This nasty piece of work hunts down info from browsers like Chrome, Brave, Edge, and Firefox, plus it raids Apple's Keychain. It even goes after Telegram's encrypted database, sniffing out wallet seed phrases and private keys shared in chats.

North Korean Hackers Responsible

Sentinel Labs points the finger at a North Korea-backed threat actor, continuing their notorious streak of crypto heists to skirt around international sanctions and bankroll their state ops.

The infamous Lazarus group has been at this for a while, but this time they've pulled out the big guns with Nim against macOS. In the past, they've used Go and Rust, but Nim? That's a new twist!

Remember late 2023 when another DPRK crew dropped the Python-based Kandykorn malware on Discord, disguised as a crypto arbitrage bot? Yeah, they've got a thing for macOS and blockchain engineers.

Sentinel Labs is warning us loud and clear: as these hackers get more creative with obscure languages and slick techniques, the old assumptions about macOS security are out the window.

And it's not just NimDoor – the past few months have seen a slew of malware aimed at Apple users. There was SparkKitty, swiping seed phrases from iOS photo galleries, and a trojan swapping out wallet apps on macOS with malicious fakes.
