Macs left defenseless! North Korean hackers use poisoned Zoom packages to attack Mac users, and $1.6 billion is just the beginning!

A North Korean hacker group has come up with a new trick! They are targeting employees of cryptocurrency companies who use Apple computers. This time the weapon is called "NimDoor," a deeply hidden piece of spyware. How do they make you fall for it? The scammers first pretend to know you on Telegram, set up a Calendly meeting, and then send you a "Zoom update package." Once you install it, you've been tricked!

What makes this virus so sneaky?

1. Wearing an invisibility cloak: It is written in the very obscure Nim language, so Apple's antivirus database does not recognize it for now.

2. Finding loopholes: It uses "side-loading" to bypass Apple's official security checks.

3. Striking hard: Once installed, it immediately ransacks your system:

Steals all the passwords stored in your browser!

Takes away your Telegram chat database from your computer!

Scans and steals your cryptocurrency wallet files!

Even sets up "auto-start on boot" for itself, facilitating long-term lurking and downloading more malware.

This is by no means an isolated incident; it is a routine operation for North Korea to "earn foreign currency"! They specifically target the Web3 sector, using extremely cunning methods. Think about the previous incident where the Cosmos team accidentally hired a North Korean developer, and the case where the U.S. Department of Justice accused North Korean hackers of laundering $900,000 in dirty coins using Tornado Cash. Insufficient security investment is the biggest weakness of cryptocurrency companies. In February of this year, Bybit was hacked for $1.5 billion (accounting for over 70% of the industry's total losses in the first half of the year), and North Korean hackers' "performance" exceeded $1.6 billion in the first half of the year! How many top security teams could be supported by this money? The money saved on security ultimately becomes the hackers' arsenal. Apple systems ≠ a vault; employees are the most vulnerable entry point.

Protection recommendations:

Company rule: Completely ban any installation packages that are not officially signed!

Strict download rule: Software updates should only come from the official website.

Social vigilance: Blacklist any "strangers" who initiate chats on Telegram and send installation packages! Updates will not fall from the sky.
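One way to enforce the "official website only" rule on links received in chat, as an added example that is not part of the original post: a Python check that accepts an update URL only when its host is the vendor's own domain or a subdomain of it. The allowlist entry `zoom.us`, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the vendor's official download domain; confirm it per vendor.
OFFICIAL_DOMAINS = {"zoom.us"}

def is_official_update_url(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link that claims to be a software update."""
    try:
        parts = urlsplit(url.strip())
        host, port = parts.hostname, parts.port  # .port raises on junk ports
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host"
    # "https://zoom.us@other.example/" really points at other.example
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before the host"
    host = host.rstrip(".").lower()
    # Look-alike letters and punycode labels are rejected outright
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "non-ASCII or punycode host"
    if port not in (None, 443):
        return False, "unexpected port"
    # Match whole labels only: "zoom.us.evil.example" must not pass
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host " + host + " is not an official domain"

def rejected(urls):
    """Return only the URLs that fail the check, with the reason."""
    results = ((u, is_official_update_url(u)) for u in urls)
    return [(u, reason) for u, (ok, reason) in results if not ok]

# Constructed sample links, not taken from any real campaign
SAMPLES = [
    "https://zoom.us/download",
    "https://cdn.zoom.us/prod/Zoom.pkg",
    "https://zoom.us.update-center.example/Zoom.pkg",
    "https://zoom.us@updates.example/Zoom.pkg",
    "https://us05web-zoom.example/update",
    "http://zoom.us/download",
    "https://zo\u03bfm.us/download",  # Greek omicron in place of "o"
]

if __name__ == "__main__":
    for url, reason in rejected(SAMPLES):
        print("BLOCK", url, "->", reason)
```
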
