North Korean hackers are increasingly targeting web3 and crypto organizations by infecting macOS systems with Nim-compiled malware, delivered through fake Zoom update links and impersonation of trusted contacts. The tooling combines Nim-compiled Mach-O binaries, AppleScripts and Bash scripts, and signal handlers: the scripts handle initial access, beaconing and data exfiltration, while the signal handlers keep the implant persistent by re-deploying it when it is terminated. This makes the campaign a significant threat to the organizations it targets. #PyongyangAPT #NimDoor
Key points
- North Korean hackers use fake Zoom update links to deliver malware to crypto and web3 organization employees.
- The malware is written in the Nim programming language, producing macOS binaries whose persistence behaviour is unusual for this platform.
- Attackers utilize AppleScripts and Bash scripts for initial access, beaconing, and data exfiltration tasks.
- Two Mach-O binaries operate independently, one for data exfiltration and another for establishing persistent access.
- The malware installs signal handlers so that, when a component is terminated, it re-deploys its components and keeps its persistence instead of exiting.
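The last point is the mechanism worth understanding before trying to clean such an infection, so here is an added illustration of the signal-handler pattern it describes. This is example code written for this summary, not NimDoor's code and not derived from the research it reports; the "redeploy" step is a hypothetical stand-in that only counts how often the hook fired, where a real implant would re-write its persistence artifacts and re-launch itself. The function and variable names (`install_termination_handlers`, `simulate_kill_attempt`, `signal_is_catchable`, `g_redeploy_count`) are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Counters updated from the handler; sig_atomic_t is the only type that is
 * safe to touch from signal context. */
static volatile sig_atomic_t g_redeploy_count = 0;
static volatile sig_atomic_t g_last_signal = 0;

/* Hook that runs when SIGTERM or SIGINT arrives. A real implant would re-write
 * its persistence artifacts and re-launch its components here; this stand-in
 * (hypothetical, not NimDoor's logic) only records the event. Because the
 * handler returns normally, the process survives the signal. */
static void on_terminate(int signo) {
    static const char msg[] = "[handler] termination signal intercepted, redeploy hook ran\n";
    ssize_t r;
    g_last_signal = signo;
    g_redeploy_count++;
    /* write(2) is async-signal-safe; printf(3) is not */
    r = write(STDOUT_FILENO, msg, sizeof msg - 1);
    (void)r;
}

/* Install the hook for the two catchable termination signals a responder or a
 * user is most likely to send. Returns 0 on success, -1 if sigaction() fails. */
int install_termination_handlers(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_terminate;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;   /* resume interrupted blocking calls */
    if (sigaction(SIGTERM, &sa, NULL) == -1) return -1;
    if (sigaction(SIGINT, &sa, NULL) == -1) return -1;
    return 0;
}

/* Deliver signo to ourselves, as a kill(1) from a responder would, and report
 * how many times the redeploy hook has fired so far. */
int simulate_kill_attempt(int signo) {
    raise(signo);               /* the handler runs before raise() returns */
    return (int)g_redeploy_count;
}

int last_intercepted_signal(void) { return (int)g_last_signal; }

/* Can a handler be installed for signo at all? SIGKILL and SIGSTOP cannot be
 * caught: sigaction() rejects them with EINVAL. That is why a responder should
 * stop a self-redeploying process with SIGKILL (kill -9), which never reaches
 * the handler, rather than with SIGTERM or Ctrl-C. For catchable signals the
 * previous disposition is restored, so the probe has no lasting side effect. */
int signal_is_catchable(int signo) {
    struct sigaction probe, old;
    memset(&probe, 0, sizeof probe);
    probe.sa_handler = on_terminate;
    sigemptyset(&probe.sa_mask);
    if (sigaction(signo, &probe, &old) == -1) return 0;
    sigaction(signo, &old, NULL);
    return 1;
}

int main(void) {
    if (install_termination_handlers() != 0) { perror("sigaction"); return 1; }
    printf("pid %ld: SIGTERM catchable=%d SIGINT catchable=%d SIGKILL catchable=%d\n",
           (long)getpid(), signal_is_catchable(SIGTERM), signal_is_catchable(SIGINT),
           signal_is_catchable(SIGKILL));
    simulate_kill_attempt(SIGTERM);
    printf("still alive after SIGTERM; redeploy hook fired %d time(s)\n",
           simulate_kill_attempt(SIGINT));
    return 0;
}
```

Compile with `cc -o sighook sighook.c` and run it; the process reports that SIGTERM and SIGINT are catchable, SIGKILL is not, and that it is still running after two termination signals. The practical consequence for incident response is that `kill <pid>` or Ctrl-C gives an implant built this way a chance to re-install itself, so terminate it with `kill -9` and only after the persistence artifacts it would re-write have been removed.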
Read More: https://www.securityweek.com/north-korean-hackers-use-fake-zoom-updates-to-install-macos-malware/