North Korean threat actors are targeting Web3 and crypto companies with NimDoor, a sophisticated macOS backdoor disguised as a Zoom update. The malware uses encrypted communication, complex multi-language code, and unique persistence techniques to steal sensitive data and avoid detection. #NimDoor #NorthKoreaThreats #Web3Security #CryptoAttacks
Key points
- North Korea-linked hackers employ NimDoor malware to target Web3 and crypto firms.
- The malware is disguised as a fake Zoom update and delivered via phishing links on Calendly and Telegram.
- NimDoor uses encrypted WebSocket and process injection techniques for communication and persistence.
- Attackers drop Mach-O binaries that steal user data and maintain stealth through signal handling.
- The campaign showcases the use of cross-platform languages like Nim, Go, and Rust to evade detection.