Security researchers at SentinelLabs have reported on new malware targeting crypto companies through Apple devices. The malware, called NimDoor, is used by North Korean hackers to steal confidential information.
Attack Methods Targeting Crypto Investors
The attack begins with a message sent through Telegram, where hackers impersonate legitimate contacts, inviting the target to a fake meeting set up via Calendly.
The target is asked to download what appears to be a Zoom update. However, instead of updating the video app, the file installs malware that operates quietly in the background, bypassing macOS security checks by masquerading as a trusted update.
The malware is called NimDoor because it was written in the Nim programming language, which is rarely used in cyberattacks, making it harder for Apple’s security system to recognize and block it.
Once installed, NimDoor starts stealing sensitive data by collecting saved passwords from web browsers, files from Telegram conversations, and cryptocurrency wallet credentials.
SentinelLabs’ Warning
SentinelLabs has advised crypto-related businesses to strengthen their digital safety. Security experts recommend blocking unsigned installer files and downloading Zoom updates only from official websites.
They also suggest checking Telegram contact lists for suspicious profiles, especially those that send unknown files, highlighting that simple checks can help prevent attacks.
Part of a Larger Campaign by North Korean Hackers
This new malware attack adds to a long list of recent cybercrimes linked to North Korea's notorious hacking group.
Recently, the U.S. Department of Justice filed a civil forfeiture action to seize $7.74 million worth of crypto linked to North Korean IT workers. These criminals often send money back to North Korea to fund military programs. According to TRM Labs, North Korean-linked groups stole around $1.6 billion from Web3 companies in just the first half of 2025.
The new NimDoor malware underscores the growing threat that North Korean hackers pose to crypto companies and the importance of maintaining security measures to protect against such attacks.