macOS malware targets crypto startups with fake Zoom update - 9to5Mac

North Korean hackers are behind a new and unusually sophisticated macOS malware campaign that targets the crypto industry using fake Zoom invites. Here’s how it works.

Dubbed “NimDoor” by researchers at , the attack is more sophisticated than the typical macOS threat, and it chains together AppleScript, Bash, C++, and Nim to exfiltrate data and maintain access on compromised systems.

Here’s ’ executive summary of the hack:

How it actually works, in a nutshell

Through social engineering, victims are approached via Telegram by someone impersonating a trusted contact. They’re asked to schedule a call through Calendly, then sent a follow-up email containing a fake Zoom link and instructions to run a bogus “Zoom SDK update.” says that the file “is heavily padded, containing 10,000 lines of whitespace to obfuscate its true function.” When executed, it triggers an intricate series of events that establish an encrypted connection with a command-and-control server. It also includes backup logic that reinstalls key components if the system is rebooted or the malware process is terminated.
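The whitespace padding described above is something a defender can triage for directly. The following is an added example (not code from the report or from 9to5Mac) that scores a script’s blank-line structure and collapses the padding so the real content can be reviewed; the thresholds and the constructed sample are assumptions, not values from the report.

```python
"""Heuristic triage for whitespace-padded scripts (added example, not from the report)."""
import re
from dataclasses import dataclass


@dataclass
class PaddingReport:
    total_lines: int
    blank_lines: int
    longest_blank_run: int
    blank_ratio: float
    suspicious: bool


def analyze_padding(text: str, min_lines: int = 200, ratio_threshold: float = 0.9,
                    run_threshold: int = 500) -> PaddingReport:
    """Flag files that are mostly blank lines or contain one very long blank run.

    Thresholds are assumed defaults; tune them against a baseline of legitimate
    scripts in your environment before using this for alerting.
    """
    lines = text.splitlines()
    total = len(lines)
    blank = longest = run = 0
    for line in lines:
        if line.strip() == "":          # whitespace-only lines count as padding
            blank += 1
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    ratio = blank / total if total else 0.0
    suspicious = total >= min_lines and (ratio >= ratio_threshold or longest >= run_threshold)
    return PaddingReport(total, blank, longest, round(ratio, 3), suspicious)


def strip_padding(text: str) -> str:
    """Collapse runs of three or more blank lines to a single empty line."""
    return re.sub(r"(?:[ \t]*\r?\n){3,}", "\n\n", text).strip("\n")


# Constructed sample: a benign-looking header, 10,000 blank lines, then a harmless stub.
CONSTRUCTED_SAMPLE = ("#!/bin/bash\n# Zoom SDK update\n" + "\n" * 10000
                      + "echo 'placeholder payload'\n")

if __name__ == "__main__":
    print(analyze_padding(CONSTRUCTED_SAMPLE))
    print(strip_padding(CONSTRUCTED_SAMPLE))
```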

Once all the hack’s binaries and persistence mechanisms are in place, the malware uses Bash scripts to scrape and exfiltrate credentials and sensitive data. That includes Keychain credentials, browser data, and Telegram data.

The full technical deep dive is well worth a look

If you want to dive deeper into the nitty gritty of how the hack works, the report includes full hash listings, code snippets, screenshots and attack flow diagrams, along with a much more detailed breakdown of each stage, from the fake Zoom update to the final data exfiltration.

The researchers also note that NimDoor reflects a broader shift toward more complex and less familiar cross-platform languages in macOS malware, moving beyond the Go, Python, and shell scripts that North Korean threat actors have typically used in the past.

Does this sort of hack scare you? Do you think these hacks get blown out of proportion? Let us know in the comments.
