Sentinel Labs has discovered a hacking campaign that uses fake video meetings and disguised software updates to plant malware on Apple computers.
The attacks, linked to groups in North Korea, focus on stealing information from cryptocurrency companies by exploiting trust and targeting macOS users.
The scheme began when a hacker reached out through messaging apps like Telegram as a trusted contact. Then, they suggested a quick video call and sent a Google Meet link, followed by what appears to be a Zoom update file. When opened, the file installs a malware called “NimDoor” on the victim’s Mac.
Did you know?
Subscribe – We publish new crypto explainer videos every week!
What is a Crypto Airdrop & How to Get FREE Coins? (Animated)
Once installed, NimDoor searches for cryptocurrency wallet keys, saved browser passwords, and other private data. It also runs a script that collects Telegram’s encrypted local database and the keys needed to unlock it.
The malware waits about ten minutes before starting its activity to avoid immediate detection.
The malware was written in Nim, a programming language rarely used in macOS attacks. Nim allows the same malicious code to run on Mac, Windows, and Linux, which means hackers do not need separate versions for each system. It also produces lightweight files that launch fast and leave fewer traces.
Researchers noted that while the social-engineering tactic is familiar, using Nim binaries on macOS is unusual and harder for security tools to recognize.
Recently, Kaspersky researchers Sergey Puzan and Dmitry Kalinin found a new type of malware called SparkKitty. How does the malware work? Read the full story.
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.
