North Korean hackers are using new types of harmful software (malware) to attack Apple Mac computers. They are doing this as part of a plan to steal from cryptocurrency companies.
A report from cybersecurity company Sentinel Labs on Wednesday said the hackers pretend to be a trusted person on messaging apps like Telegram. Then they set up a fake Zoom meeting, sending the target a Google Meet link. After that, they send a file that looks like a Zoom update, but it is actually malware.
How does it work?
When the fake “update” is opened, it puts malware called “NimDoor” onto Mac computers. This malware tries to steal things like crypto wallets and saved passwords from web browsers.
In the past, many people thought Mac computers were safer from hackers, but that’s not true.
Even though the way the hackers trick people is common, this malware is written in an uncommon coding language called Nim. Security programs have seen very few Nim programs, so they have fewer rules for spotting them. This makes the malware harder to find and stop.
What is Nim?
Nim is a fairly new programming language that not many people use. Hackers like it because they can use it to create malware that works on Windows, Mac, and Linux with few or no changes to the code. This means they can write one program and attack many types of computers.
Nim also turns code into working programs quickly. It creates files that run on their own, without needing extra software installed on the computer. Because security tools have seen so few Nim programs, it is harder for them to catch one.
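One way a defender can spot a Nim-compiled file, as an added example that is not from the report or from this page: the Nim compiler and its runtime leave recognisable strings in the finished program, such as the runtime entry point and the names of the `.nim` source files it embeds for stack traces. The marker list and the two sample byte blobs below are constructed for the example and are assumptions about typical Nim output; a hit means "look closer", not "this is malware", because normal software is also written in Nim.

```python
"""Heuristic check for Nim-compiled binaries (added example, not from the page).

Looks for strings the Nim compiler and runtime typically leave in a compiled
program. The markers are an assumption based on how Nim names its runtime
functions and embeds .nim source paths; adjust them for your own samples.
"""
from __future__ import annotations

import re
import sys
from pathlib import Path

# Strings assumed to be typical of Nim output (assumption, not from the page).
NIM_MARKERS = (
    b"NimMain",           # runtime entry point the compiler emits
    b"nimGC_",            # garbage-collector helpers
    b"nimFrame",          # stack-trace frame helpers
    b"nimToCStringConv",  # string conversion helper
    b"system.nim",        # embedded source file names used in stack traces
    b"io.nim",
    b"fatal.nim",
)

# Embedded source paths that end in ".nim", e.g. "/lib/system.nim".
NIM_PATH_RE = re.compile(rb"[A-Za-z0-9_./\\-]{1,200}\.nim\b")

# Constructed sample "binaries": a fake Mach-O header plus a few strings.
# SAMPLE_NIM imitates what a Nim program leaves behind; SAMPLE_PLAIN does not.
MACHO_MAGIC = b"\xcf\xfa\xed\xfe" + b"\x00" * 16
SAMPLE_NIM = (
    MACHO_MAGIC
    + b"NimMain\x00nimGC_init\x00/lib/system.nim\x00/lib/pure/os.nim\x00"
    + b"\x00" * 8
)
SAMPLE_PLAIN = MACHO_MAGIC + b"_main\x00Hello, world\x00printf\x00"


def nim_markers_found(data: bytes) -> list[str]:
    """Return the marker strings present in the file contents."""
    return [m.decode() for m in NIM_MARKERS if m in data]


def nim_source_files(data: bytes) -> list[str]:
    """Return the .nim source paths embedded in the file, sorted and unique."""
    return sorted({m.decode("ascii", "replace") for m in NIM_PATH_RE.findall(data)})


def looks_like_nim(data: bytes, min_hits: int = 2) -> bool:
    """True when at least min_hits markers are present.

    Requiring two hits avoids flagging a file that merely mentions "io.nim".
    """
    return len(nim_markers_found(data)) >= min_hits


def scan_file(path: str | Path) -> dict:
    """Scan a file on disk and report markers, embedded paths and the verdict."""
    data = Path(path).read_bytes()
    return {
        "path": str(path),
        "markers": nim_markers_found(data),
        "sources": nim_source_files(data),
        "looks_like_nim": looks_like_nim(data),
    }


if __name__ == "__main__":
    # Usage: python nim_check.py /path/to/binary ...
    for arg in sys.argv[1:]:
        result = scan_file(arg)
        flag = "NIM?" if result["looks_like_nim"] else "----"
        print(f"{flag} {result['path']} markers={result['markers']} sources={result['sources']}")
```

The embedded source paths are often the most useful output: they show which Nim modules the program was built from, which helps when comparing a new sample with a known one.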
The harmful file (called a payload) includes a tool that secretly steals saved information from browsers and the computer system. It packs this data and sends it out to the hackers without the user knowing.
There is also a script that steals Telegram's encrypted local database and the keys needed to unlock it.
The malware is also patient: it waits ten minutes before it starts, so security tools that only watch a new program for a short time are less likely to notice it.
In June, cybersecurity company Huntress said malware like this was connected to BlueNoroff, a hacking group backed by North Korea.