New macOS malware “NimDoor” attacks web3 and crypto platforms – ITOPNEWS.de

SentinelLabs security researchers have uncovered a new malware family for macOS.

It is known as NimDoor. Behind the attack is most likely a North Korean APT actor targeting web3 and crypto companies.

How NimDoor works

  • Infection vector
    The attackers use elaborate social engineering, such as Telegram chats and fake Zoom meeting invitations sent via Calendly. Victims are persuaded to run a supposed Zoom SDK update that silently executes AppleScript and downloads the second-stage malicious code.
  • Multi-stage infection
    Installer: creates the required directories and downloads the other components.
    GoogIe LLC: collects environment data and installs itself via a launchd plist for persistence.
    CoreKitAgent: the main component of the malware. It uses macOS-specific mechanisms such as kqueue, encrypted WebSocket (wss) communication and signal handlers (SIGINT/SIGTERM) to stay persistent and to revive itself after it is terminated.
  • Data exfiltration
    In the final step, Bash scripts (“UPL” and “TLGRM”) run that read browser data (including passwords), the iCloud Keychain and local Telegram data and send them to command-and-control servers.
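The persistence step described above, a launchd plist that starts the payload at login and keeps it alive, is something a defender can audit on every Mac in the fleet. The script below is an added example, not code from the article or from SentinelLabs: it parses launchd plists and flags the traits the article attributes to this chain (start at login plus KeepAlive, a program in a temporary or user-writable location, an interpreter wrapper such as osascript, and a label or path imitating a vendor name, including the "GoogIe" capital-I homoglyph). The trusted path list, the vendor word list, the home directory /Users/alice and the three sample plists are assumptions constructed for the demonstration, not real NimDoor indicators.

```python
"""Audit macOS launchd plists for the persistence pattern described in the article.

Added example (not from the article or SentinelLabs). The heuristics are for
triage, not a verdict: a finding means "look at this", not "this is malware".
"""
import plistlib
from pathlib import Path

# Assumed "normal" homes for installed programs (real macOS paths).
TRUSTED_PREFIXES = ("/Applications/", "/System/", "/usr/", "/Library/Apple/", "/bin/", "/sbin/")
TEMP_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/")
INTERPRETERS = {"osascript", "bash", "sh", "zsh", "python3", "perl"}
# Vendor names that malware likes to borrow for labels and binary names (assumed list).
VENDORS = ("google", "apple", "zoom", "microsoft")


def normalize(text: str) -> str:
    """Lower-case and fold common homoglyphs so 'GoogIe' (capital I) compares equal to 'google'."""
    return text.lower().translate(str.maketrans({"i": "l", "1": "l", "0": "o"}))


def audit_launch_plist(data: bytes, home: str = "/Users/alice") -> dict:
    """Parse one launchd plist and return its label, program and a list of findings."""
    plist = plistlib.loads(data)
    label = str(plist.get("Label", ""))
    args = [str(a) for a in plist.get("ProgramArguments") or []]
    program = str(plist.get("Program") or (args[0] if args else ""))
    findings = []

    # Start at login and get respawned when killed: the revive behaviour the article describes.
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        findings.append("starts at login and is respawned by launchd (RunAtLoad + KeepAlive)")
    # Program or any argument pointing into a temporary directory.
    for arg in [program] + args[1:]:
        if arg.startswith(TEMP_PREFIXES):
            findings.append(f"references a temporary directory: {arg}")
    # Payload dropped somewhere the user (and therefore the malware) can write.
    if program.startswith(home + "/") and not program.startswith(home + "/Applications/"):
        findings.append(f"program lives in the user's home directory: {program}")
    # Interpreter wrapper: the plist runs osascript/bash/... on a script it names.
    if Path(program).name in INTERPRETERS and len(args) > 1:
        findings.append(f"interpreter wrapper: {' '.join(args[1:])}")
    # Vendor impersonation: a well-known name, but the binary is not where that vendor installs.
    folded = normalize(label + " " + program)
    for vendor in VENDORS:
        if normalize(vendor) in folded and not program.startswith(TRUSTED_PREFIXES):
            findings.append(f"name imitates '{vendor}' but program is outside vendor locations")
            break
    return {"label": label, "program": program, "findings": findings}


def audit_directory(directory: Path) -> list[dict]:
    """Audit every .plist in a launchd directory such as ~/Library/LaunchAgents."""
    results = []
    for path in sorted(directory.glob("*.plist")):
        result = audit_launch_plist(path.read_bytes(), home=str(Path.home()))
        result["path"] = str(path)
        results.append(result)
    return results


def _plist(label: str, args: list[str], **extra) -> bytes:
    """Build a constructed launchd plist (XML) for the demonstration below."""
    return plistlib.dumps({"Label": label, "ProgramArguments": args, **extra})


# Constructed samples; none of these names or paths are real NimDoor indicators.
BENIGN_PLIST = _plist("com.example.updater",
                      ["/Applications/Example.app/Contents/MacOS/updater"], StartInterval=3600)
SUSPICIOUS_PLIST = _plist("com.googie.agent",
                          ["/Users/alice/Library/Application Support/GoogIe LLC/agent"],
                          RunAtLoad=True, KeepAlive=True)
WRAPPER_PLIST = _plist("com.zoom.sdkupdate",
                       ["/usr/bin/osascript", "/tmp/zoom_sdk_update.scpt"], RunAtLoad=True)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_PLIST), ("suspicious", SUSPICIOUS_PLIST),
                         ("wrapper", WRAPPER_PLIST)):
        report = audit_launch_plist(sample)
        print(f"{name}: {report['label']} -> {report['program']}")
        for finding in report["findings"]:
            print(f"    ! {finding}")
```

Run it against a real machine with `audit_directory(Path.home() / "Library/LaunchAgents")` and the same for /Library/LaunchAgents and /Library/LaunchDaemons; the benign sample produces no findings, while the constructed "GoogIe" agent trips three checks at once, which is the combination worth escalating.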

Why this discovery is alarming

  • Unusual programming language
    The choice of Nim as the development language, combined with AppleScript, is new and complicates analysis of the malware.
  • Advanced persistence technique
    CoreKitAgent's ability to reinstall itself automatically after being killed shows a high degree of technical sophistication.
  • Targeted attacks on the crypto ecosystem
    As part of the financially motivated crime frequently attributed to North Korean APT groups, this malware represents a concrete threat to the web3 industry.

Good protective measures

This discovery underlines that macOS is by no means immune to sophisticated malware. People and companies in the crypto sector in particular should stay alert and take suitable countermeasures:

  • Beware of phishing and fake update notices
    Never run scripts or software from unknown sources, especially when they arrive via chat or email.
  • Regular updates
    Always keep macOS and installed programs up to date; Apple regularly ships important security patches.
  • Use antivirus software
    In addition to the protections built into macOS, a third-party antivirus solution can contribute significantly to security. Intego Mac Internet Security X9, for example, is recommended: it offers both real-time protection (VirusBarrier) and a firewall (NetBarrier).

Reminder: security comes first

Install an antivirus program such as Intego to protect your system comprehensively, especially if you work with sensitive assets such as cryptocurrencies. And always stay vigilant.

This article contains affiliate links. Clicking one takes you directly to the provider; if you make a purchase, we receive a small commission at no extra cost to you. Thank you for your support. Photo: Apple

Jayd Johnson
