North Korean hacking groups are developing new methods to target Web3 companies, including some aimed at infecting Apple systems. Additionally, the use of social engineering is becoming more prevalent in these attacks, highlighting the level of preparation involved in these operations.

North Korean Hackers’ New Methods: Nim Malware and Clickfix
Hacker groups from North Korea are increasingly adopting new methods to target Web3 companies and take advantage of their vulnerabilities to gain access to their systems. One of these, identified as NimDoor, is focused on infecting Apple systems due to their high popularity.
According to The Hacker News, the attack uses social engineering to approach targets and set up meetings using video conferencing software like Zoom. The invite for the Zoom call contains a link to a program that, as far as the user can tell, updates the Zoom software to its latest version.
However, in reality, the software delivers a script that allows attackers to gather system information and run arbitrary code, opening the infected system to remote management.
Investigators highlighted that this shows how North Korean hackers are weaponizing Apple systems’ capabilities to complete their attacks.
SentinelOne researchers Phil Stokes and Raffaele Sabato stated:
“Nim’s rather unique ability to execute functions during compile time allows attackers to blend complex behaviour into a binary with less obvious control flow, resulting in compiled binaries in which developer code and Nim runtime code are intermingled even at the function level.”
In addition, North Korean groups are also using other email-focused methods for their purposes, in a campaign that researchers have called BabyShark. The method includes delivering bogus documents that are socially engineered so that the user feels the urge to open them.
The documents have been reported to pose as interview requests from real newspapers, data requests from intelligence officers about visits to other countries, and diplomatic papers.
The situation gets even more dangerous when operatives from these groups infiltrate the organizations attacked, as has been documented in the past. According to blockchain security expert ZachXBT, over $16 million has been paid since the start of 2025 to these operatives posing as developers in these companies.