• Dapps:16.23K
  • Blockchains:78
  • Active users:66.47M
  • 30d volume:$303.26B
  • 30d transactions:$879.24M
NimDoor: Malware Disguised as Zoom Updates Attacks Crypto Companies

NimDoor: Malware Disguised as Zoom Updates Attacks Crypto Companies

user avatar

by Giorgi Kostiuk

6 hours ago


North Korean hackers have launched a new attack using NimDoor malware targeting MacOS crypto firms.

What is NimDoor?

NimDoor is a new malware that disguises itself as Zoom updates and spreads through Telegram messages and email invites. Victims receive a fake Calendly link that downloads an AppleScript file padded with thousands of blank lines to hide its code. When executed, the script installs NimDoor onto the device.

How NimDoor Stays Hidden

The main threat of NimDoor is its stealth. It’s written in Nim, a rarely used programming language, helping the code evade traditional security analysis. Once installed, NimDoor injects itself into other processes, uses encrypted WebSocket channels for communication, and resists deletion by reinstalling itself if terminated. It also includes a beaconing system via AppleScript, pinging command servers every 30 seconds.

What NimDoor Steals

NimDoor's main goal is to steal sensitive data from crypto companies. It collects:

* Browser passwords from Chrome, Brave, Firefox, and more. * macOS Keychain contents, including saved credentials. * Local Telegram databases and encryption keys. * Terminal command history and system information.

This gives attackers the ability to compromise crypto wallets, hijack Telegram accounts, and steal business-critical data, all while staying under the radar.

The NimDoor malware attack emphasizes the importance of using reliable sources for software updates and regularly monitoring systems for suspicious applications and activity.

0

Rewards

chest
chest
chest
chest

More rewards

Discover enhanced rewards on our social media.

Other news

XRP as the Foundation of a New Financial Order: Expert Opinions

chest

Analysis of XRP's potential as a replacement for traditional banking systems and current trends in the cryptocurrency market.

user avatarGiorgi Kostiuk

Updates in Binance Pay: New Cryptocurrency Transfer Options

chest

Binance Pay enhances user experience with new transfer features supporting over 300 cryptocurrencies.

user avatarGiorgi Kostiuk

Dogecoin Continues to Decline: June 2025 Marks Another Downturn

chest

In June 2025, Dogecoin shows negative trends again, making this month the worst for the memecoin.

user avatarGiorgi Kostiuk

Lummis' Tax Bill Promises Changes to Cryptocurrency Taxation

chest

Senator Cynthia Lummis has introduced a bill proposing changes to the taxation of cryptocurrencies and exemptions for certain transactions.

user avatarGiorgi Kostiuk

DeFi Development Corp Acquires Solana Tokens Worth $2.72 Million

chest

DeFi Development Corp has purchased 17,760 Solana tokens for $2.72 million, reinforcing its position in crypto investments.

user avatarGiorgi Kostiuk

Investment Plans for Real-World Assets by Ondo Finance and Pantera Capital

chest

Ondo Finance and Pantera Capital announce a $250 million investment in real-world asset tokenization through the Ondo Catalyst fund.

user avatarGiorgi Kostiuk
dapp expert logo
© 2020-2025. DappExpert. All rights reserved.
© 2020-2025. DappExpert. All rights reserved.

Important disclaimer: The information presented on the Dapp.Expert portal is intended solely for informational purposes and does not constitute an investment recommendation or a guide to action in the field of cryptocurrencies. The Dapp.Expert team is not responsible for any potential losses or missed profits associated with the use of materials published on the site. Before making investment decisions in cryptocurrencies, we recommend consulting a qualified financial advisor.