SentinelLabs Uncovers Web3-Focused “NimDoor” macOS Malware Campaign

Telegram News 2025-07-08

Security researchers at SentinelLabs uncovered “NimDoor,” a macOS malware campaign aimed at cryptocurrency and Web3 users, linked to North Korean threat actors. Unusually advanced for macOS, NimDoor leverages process injection and TLS-encrypted WebSocket communications.

The attack begins with a malicious AppleScript disguised as a Zoom update, which deploys a C++ Mach-O binary that steals browser histories, system info, and Telegram archives. A Nim-based “installer” ensures persistence via two backdoors named GoogIe LLC and CoreKitAgent.

source: TechRepublic

