Bitprismia

Beware! North Korean Hackers Target Mac Users in a Very Creative Way

2025-07-03 23:52:15

Main Idea

NimDoor is macOS-targeting malware attributed to DPRK actors that steals browser and Telegram data through deceptive scripts; separately, blockchain investigator ZachXBT uncovered $2.76 million in payments to DPRK developers.

Key Points

1. NimDoor is a macOS malware attributed to DPRK actors, deploying Bash scripts to steal data from browsers (Arc, Brave, Firefox, Chrome, Edge) and Telegram.

2. The attack involves impersonating trusted contacts and using Trojans to install the scripts; the spoofing techniques make detection difficult.

3. ZachXBT identified $2.76 million in USDC payments to DPRK developers in 2023, tied to alleged conspirator Sim Hyon Sop.

4. A project that has hired multiple DPRK IT workers is considered a red flag for project failure, usually a sign of team negligence.

5. Similar attacks were previously detected by Huntabil.IT and Huntress in April.

Description

SentinelLabs, the research and threat intelligence arm of cybersecurity firm SentinelOne, has delved into a new and sophisticated attack campaign called NimDoor, in which DPRK actors target macOS devices. The elaborate scheme uses the Nim programming language to deploy multiple attack chains on devices used in small Web3 businesses, a recent trend. Self-proclaimed investigator ZachXBT has also uncovered a chain of payments made to Korean IT workers, which could be part of t...
