North Korean threat actors have developed NimDoor, a highly advanced macOS malware family aimed specifically at web3 and cryptocurrency organizations. The malware uses signal-based persistence and modular components to exfiltrate sensitive data and to remain resilient against defensive measures. #BlueNoroff #NimDoor
Key points
- North Korean hackers have launched a campaign using the NimDoor malware family on macOS systems.
- The malware relies on unusual techniques, including signal-based persistence and custom signal handlers for robustness.
- It employs a modular architecture, with binaries such as GoogIe LLC and CoreKitAgent handling control flow and data theft.
- The attack chain involves luring victims via Telegram and fake Zoom SDK updates delivered through Calendly and email.
- Exfiltration targets include web browser data, Keychain data, and Telegram messages, with the aim of stealing cryptocurrency assets and other sensitive information.