According to ShibDaily, North Korean hackers launched a new cyberattack campaign targeting cryptocurrency companies, deploying a sophisticated malware variant known as NimDoor.
This malware is designed to infiltrate Apple devices, bypassing built-in memory protections to extract sensitive data from cryptocurrency wallets and browsers.
The attack begins with social engineering tactics on platforms like Telegram, where hackers present themselves as trusted contacts to engage victims in conversation. They then invite the target to a fake Zoom meeting disguised as a Google Meet session and send a file that mimics a legitimate Zoom update.
This file is the delivery vehicle for the malicious payload. Once the victim runs it, it installs NimDoor on the device, which then collects sensitive information, specifically cryptocurrency wallets and credentials stored in the browser.
Cybersecurity researchers from SentinelLabs discovered this new tactic, noting that the use of the Nim programming language distinguishes this malware. Binaries compiled in Nim are rarely seen targeting macOS, making the malware less recognizable to conventional security tools and potentially more difficult to analyze and detect.
Researchers observed that North Korean threat actors have previously experimented with programming languages like Go and Rust, but the shift to Nim reflects a strategic advantage due to its cross-platform capabilities. This allows the same codebase to run on Windows, Linux, and macOS without modification, increasing the efficiency and reach of their attacks.
The malicious payload includes a credential theft component designed to discreetly harvest browser and system data, aggregate the information, and transmit it to the attackers. Additionally, researchers identified a script within the malware that targets Telegram, extracting both its encrypted local database and the corresponding decryption keys.
Notably, the malware employs a delayed activation mechanism, waiting ten minutes before executing its operations, in an apparent effort to evade security scanners.
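The delayed-activation behaviour described above (a dropper posing as a "Zoom update" that sits idle for about ten minutes before doing anything) is something a defender can look for in process telemetry: a parent process launched from a user-writable location that spawns its first child only after a long dormancy. The script below is an added example, not code from the article or from SentinelLabs; the log format, process names and paths are constructed placeholders, and the eight-minute threshold and the list of user-writable directories are assumptions a deployment would tune.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed process-start telemetry (ts|pid|ppid|name|path). These names and
# paths are illustrative placeholders, not indicators from the article.
SAMPLE_EVENTS = """\
2025-07-02T10:00:00|300|1|Safari|/Applications/Safari.app/Contents/MacOS/Safari
2025-07-02T10:00:00|401|1|zoom_update.sh|/Users/alice/Downloads/zoom_update.sh
2025-07-02T10:00:05|410|401|ZoomUpdate|/Users/alice/Downloads/ZoomUpdate
2025-07-02T10:10:07|411|410|collector|/private/tmp/collector
2025-07-02T10:10:08|412|410|curl|/usr/bin/curl
2025-07-02T10:35:00|301|300|WebContent|/Applications/Safari.app/Contents/MacOS/WebContent
"""

# Assumed set of locations an unprivileged user can write to; tune per fleet.
USER_WRITABLE_PREFIXES = ("/Users/", "/tmp/", "/private/tmp/", "/private/var/folders/")


@dataclass
class ProcEvent:
    ts: datetime
    pid: int
    ppid: int
    name: str
    path: str


def parse_events(text: str) -> List[ProcEvent]:
    """Parse pipe-delimited process-start records into ProcEvent objects."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, pid, ppid, name, path = line.split("|", 4)
        events.append(ProcEvent(datetime.fromisoformat(ts), int(pid), int(ppid), name, path))
    return events


def find_dormant_spawners(events: List[ProcEvent],
                          min_delay: timedelta = timedelta(minutes=8),
                          only_user_writable: bool = True) -> List[dict]:
    """Flag parents whose first child appears only after a long idle period.

    Only parents that appear in the telemetry themselves are considered, so the
    delay is measured from the parent's own start. PID reuse is not handled;
    real telemetry should key on a unique process identifier instead.
    """
    by_pid = {e.pid: e for e in events}
    first_child: Dict[int, ProcEvent] = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.ppid in by_pid and e.ppid not in first_child:
            first_child[e.ppid] = e

    findings = []
    for ppid, child in first_child.items():
        parent = by_pid[ppid]
        delay = child.ts - parent.ts
        if delay < min_delay:
            continue
        # Long-lived apps (browsers, IDEs) spawn helpers late all the time;
        # restricting to user-writable launch paths removes most of that noise.
        if only_user_writable and not parent.path.startswith(USER_WRITABLE_PREFIXES):
            continue
        children = sorted(c.name for c in events if c.ppid == ppid)
        findings.append({
            "pid": ppid,
            "name": parent.name,
            "path": parent.path,
            "delay_s": int(delay.total_seconds()),
            "children": children,
        })
    return findings


if __name__ == "__main__":
    for hit in find_dormant_spawners(parse_events(SAMPLE_EVENTS)):
        print(f"pid {hit['pid']} {hit['name']} ({hit['path']}) idle {hit['delay_s']}s "
              f"then spawned {', '.join(hit['children'])}")
```

With the path filter on, only the fake updater in `~/Downloads` is reported; turning it off also surfaces Safari spawning a helper after 35 minutes, which shows why dormancy alone is too noisy to alert on and needs the launch-location (or code-signature) qualifier.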