North Korean hackers continue to evolve their cyberattacks by employing new malware aimed at Apple devices. A recent report from Sentinel Labs indicates that this malware, named NimDoor, is being used to target crypto companies.
Overview of the New NimDoor Threat
According to a report by Sentinel Labs, attackers impersonate trusted contacts on messaging apps like Telegram and request a fake video meeting via Google Meet. They then send a file that appears to be a Zoom update. Once executed, it installs the NimDoor malware on Mac computers, targeting crypto wallets and browser passwords.
Technological Aspects of the Malware
The malware is written in Nim, a programming language choice that makes the malware harder for antivirus software to detect. Researchers noted that while the initial stages of the attack follow familiar patterns, the use of Nim-compiled binaries on macOS is an unusual choice. Nim also lets the same source code be built for Windows, Mac, and Linux without modifications.
Increase in Attacks on macOS
It was previously believed that Mac computers were less vulnerable to hacks, but that perception is changing. Recently, Huntress reported similar malware intrusions linked to the North Korean hacking group BlueNoroff. According to Sentinel Labs, the myth that Macs don’t get viruses is no longer valid.
In conclusion, the introduction of the new NimDoor malware signifies a growing threat from North Korean cybercriminals targeting cryptocurrency users and highlights the shifting landscape of cybersecurity for Mac computers.