North Korean hackers use fake Zoom update to spread macOS malware 'NimDoor' targeting cryptocurrency companies

PANews|Jul 03, 2025 09:57
According to The Block, cybersecurity company SentinelLabs recently discovered that a North Korean hacker group is using a new macOS backdoor, "NimDoor", to attack cryptocurrency companies. The malware spreads through forged Zoom update packages and can steal browser passwords, Telegram data, and encrypted wallet files. The attacker first contacts the target on Telegram, arranges a meeting through Calendly, and induces the victim to download the poisoned "Zoom update". The backdoor is written in the obscure programming language Nim and can bypass Apple's security checks. Once installed, it automatically creates login entries so that it keeps running, and it downloads subsequent attack modules. Security experts suggest that cryptocurrency companies take three protective measures: blocking unsigned installation packages, downloading updates only from the zoom.us domain, and auditing Telegram contact lists.
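One way to enforce the "updates only from the zoom.us domain" measure in a download gate or proxy rule, as an added example that is not from SentinelLabs or the original article. The function name and all sample URLs are constructed for illustration; the check rejects the lookalike-host tricks a forged update link typically relies on.

```python
from urllib.parse import urlsplit

ALLOWED_DOMAIN = "zoom.us"  # the only update source the advice permits


def is_trusted_zoom_url(url: str) -> bool:
    """True only for https URLs whose host is zoom.us or a subdomain of it."""
    # Backslashes, whitespace and control characters are parsed differently
    # by different clients, so refuse them rather than guess.
    if any(ch == "\\" or ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased, without userinfo or port
        parts.port             # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "https://zoom.us@other.host/" style decoys
    if not host.isascii():
        return False  # homoglyph hosts, e.g. a Cyrillic "o"
    host = host.rstrip(".")
    # Match on a label boundary: "notzoom.us" and "zoom.us.example" must fail.
    return host == ALLOWED_DOMAIN or host.endswith("." + ALLOWED_DOMAIN)


# Constructed sample URLs (not indicators from the report).
SAMPLES = [
    "https://zoom.us/download",
    "https://cdn.zoom.us/Zoom.pkg",
    "http://zoom.us/download",                 # plaintext transport
    "https://zoom.us.update.example/Zoom.pkg", # trusted name as a prefix
    "https://notzoom.us/Zoom.pkg",             # suffix without a dot boundary
    "https://zoom.us@updates.example/Zoom.pkg",
    "https://z\u043eom.us/Zoom.pkg",           # Cyrillic homoglyph
]


def audit(urls):
    """Map each URL to the allow/block decision."""
    return {u: is_trusted_zoom_url(u) for u in urls}


if __name__ == "__main__":
    for url, ok in audit(SAMPLES).items():
        print("ALLOW" if ok else "BLOCK", url)
```

A host check like this complements, and does not replace, the first measure: the downloaded package should still be blocked if it is unsigned.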