
North Korean Hackers Target Apple Devices in Sophisticated Crypto Heist Campaign

Sentinel Labs Uncovers New Nim-Based Malware Used Against macOS Users in the Crypto Sector

A new wave of cyberattacks targeting Apple devices has been linked to North Korean state-sponsored threat actors, according to a recent investigation by cybersecurity firm Sentinel Labs. The attackers have developed advanced malware strains, specifically engineered to compromise Mac computers, in an ongoing campaign aimed at cryptocurrency companies.

Social Engineering via Telegram and Fake Zoom Updates

The threat actors begin their operations by impersonating trusted individuals on messaging platforms like Telegram. Victims are lured into joining fake video calls—often disguised as Zoom meetings—via a legitimate-looking Google Meet link. Shortly after, they are sent a seemingly harmless “Zoom update” file.

Once opened, this file installs a stealthy macOS malware variant known as NimDoor.

NimDoor: A Cross-Platform Menace

Unlike more commonly seen malware, NimDoor is written in Nim, a rare and unconventional programming language. This makes it significantly more difficult for traditional security tools to detect.

“Nim’s ability to compile across operating systems, including Windows, macOS, and Linux, allows attackers to deploy universal malware with minimal adjustments,” said Sentinel Labs researchers. “The use of Nim on macOS is particularly unusual and suggests a growing sophistication among DPRK-linked groups.”

NimDoor targets crypto wallets and saved browser credentials, silently harvesting sensitive data before transmitting it back to the attackers.

Credential Theft and Telegram Database Extraction

The malware isn’t limited to passive data collection. It includes a credential-stealing payload designed to extract browser data, system-level information, and even Telegram’s encrypted local database—along with the keys needed to decrypt it.

To avoid early detection, the malware is programmed to delay activation for 10 minutes after execution—a technique increasingly used to evade endpoint protection systems.

Expanding Target: macOS is No Longer Immune

For years, macOS users enjoyed a sense of security due to the platform’s smaller market share and perceived immunity to common malware. But that perception is rapidly shifting.

Recent findings by cybersecurity firm Huntress suggest that North Korean hacking group BlueNoroff has also deployed similar macOS malware strains capable of bypassing Apple’s memory protections. Their toolkit includes keylogging features, screen recording, clipboard monitoring, and a full-featured infostealer dubbed CryptoBot, which specifically targets crypto wallet browser extensions.

Browser Extensions Under Siege

This week, blockchain security firm SlowMist issued a separate warning about a large-scale campaign involving dozens of malicious Firefox extensions designed to hijack cryptocurrency wallet credentials.

“Over the last few years, we have seen macOS become a larger target for threat actors, especially with regard to highly sophisticated, state-sponsored attackers,” Sentinel Labs concluded, adding further weight to the growing evidence that Macs are no longer immune to viruses or cyber intrusions.
