North Korean Hackers Target Cryptocurrency Projects with New Mac Malware NimDoor

According to a report released on Wednesday by cybersecurity firm Sentinel Labs, North Korean hackers are using a new type of malware targeting Apple devices to attack cryptocurrency companies. The hackers impersonate trusted individuals on instant messaging apps such as Telegram, sending fake Zoom update files that actually install malware called "NimDoor." This malware, written in the rare Nim programming language, can bypass Apple’s memory protection mechanisms and deploy information-stealing programs specifically targeting cryptocurrency wallets and browser passwords. Nim is becoming increasingly popular among cybercriminals because it can run on Windows, Mac, and Linux without modification, compiles quickly, and is difficult to detect. The malware also includes scripts capable of stealing Telegram’s encrypted local database and decryption keys, and it waits 10 minutes before activating to evade security scans.