CoinInsight360.com logo CoinInsight360.com logo
America's Social Casino

cryptonews 2025-07-03 11:53:41

North Korean Hackers Unleash New Apple Malware in Imminent Crypto Threat—Here’s How

North Korea-linked threat actors have launched NimDoor to target companies in the Web3 and crypto industry. NimDoor, a sophisticated malware compiled in the Nim programming language specifically targets macOS systems. Unlike more widely used programming languages, Nim allows code execution during compilation, creating binaries that mix runtime and malware logic. This complicates reverse engineering and detection efforts. According to a new report by SentinelLabs, the campaign was first observed in April 2025 during an attack on a crypto startup. Multiple security firms have since confirmed similar incidents affecting other companies in the space. How North Korea Deploys Cyberattacks on Crypto Startups: SentinelLabs Report SentinelLabs reported that the attackers use classic social engineering techniques to trick victims into running the malicious code. Victims are approached on Telegram by impersonated contacts and invited to schedule a meeting via Calendly. They later receive an email with a Zoom link and instructions to install a supposed “Zoom SDK update.” According to the report, the link directs users to an AppleScript file hosted on domains mimicking Zoom’s official URLs. The script is heavily padded with thousands of lines of whitespace and ends with code that fetches a second-stage payload from attacker-controlled servers. After the initial download, the malware deploys two Mach-O binaries in the system’s temporary directory. The first binary, written in C++, performs process injection to launch a trojan. The second binary, compiled from Nim and labeled installer, installs persistence tools that ensure the malware remains active even after a system reboot or termination. This stage drops two more Nim-based binaries: GoogIe LLC and CoreKitAgent, both of which play roles in long-term access and system monitoring. Once deployed, the malware executes two that steal user data. The upl script extracts login credentials and browsing history from browsers such as Google Chrome and Firefox. The tlgrm script specifically targets Telegram data. All stolen data is compressed and sent to servers disguised as secure upload portals hosted by the attackers. North Korea’s Cyber Arsenal Evolves: Hackers Turn to Rare Programming Language SentinelLabs notes that this isn’t the first time DPRK-affiliated actors have used less common programming languages. Past campaigns have involved Go and Rust, and more recently, Crystal. Analysts believe the use of such languages will rise as attackers look for ways to evade traditional detection tools. This recent cybersecurity threat adds to the growing list of such activities emanating from North Korea. In April, North Korean hackers targeted U.S. crypto developers through a malware campaign using fake companies, including Blocknovas LLC and Softglide LLC, registered with false addresses. North Korean cyber spies reportedly set up fake US firms to deploy malware targeting crypto developers, violating Treasury sanctions. #NorthKorea #CyberSecurity https://t.co/TvCmrspaep — Cryptonews.com (@cryptonews) April 25, 2025 Tied to a Lazarus Group subgroup, the operation used fake job offers to spread malware stealing crypto wallets and credentials. In May, South Korea and the EU pledged closer cooperation to combat cyber threats, focusing on North Korea’s crypto crimes. During talks in Seoul, officials stressed the need for joint action amid rising attacks. Lawmaker Ha Tae-keung stated that North Korean hackers have stolen another $310 million in cryptocurrency from South Korean wallets since the $2 billion thefts reported by the UN in 2019. Chainalysis, in addition, reported $1.3 billion in stolen funds in 2024 Crypto hackers from North Korea stole $1.3 billion in funds in 2024, new data released this week from Chainalysis shows. #NorthKorea #CryptoHackers https://t.co/TQYgKiaQ22 — Cryptonews.com (@cryptonews) December 20, 2024 Just two days ago, the U.S. DOJ charged four North Koreans with stealing over $900,000 in cryptocurrency by posing as remote IT workers at blockchain firms. Using fake identities, they altered smart contracts to carry out the thefts, part of a scheme to fund North Korea’s weapons program. The post North Korean Hackers Unleash New Apple Malware in Imminent Crypto Threat—Here’s How appeared first on Cryptonews .

면책 조항 읽기 : 본 웹 사이트, 하이퍼 링크 사이트, 관련 응용 프로그램, 포럼, 블로그, 소셜 미디어 계정 및 기타 플랫폼 (이하 "사이트")에 제공된 모든 콘텐츠는 제 3 자 출처에서 구입 한 일반적인 정보 용입니다. 우리는 정확성과 업데이트 성을 포함하여 우리의 콘텐츠와 관련하여 어떠한 종류의 보증도하지 않습니다. 우리가 제공하는 컨텐츠의 어떤 부분도 금융 조언, 법률 자문 또는 기타 용도에 대한 귀하의 특정 신뢰를위한 다른 형태의 조언을 구성하지 않습니다. 당사 콘텐츠의 사용 또는 의존은 전적으로 귀하의 책임과 재량에 달려 있습니다. 당신은 그들에게 의존하기 전에 우리 자신의 연구를 수행하고, 검토하고, 분석하고, 검증해야합니다. 거래는 큰 손실로 이어질 수있는 매우 위험한 활동이므로 결정을 내리기 전에 재무 고문에게 문의하십시오. 본 사이트의 어떠한 콘텐츠도 모집 또는 제공을 목적으로하지 않습니다.