A cybersecurity firm has uncovered a North Korean hacking campaign targeting macOS systems within Web3 and cryptocurrency organizations. The hackers are employing “NimDoor” malware, delivered through social engineering tactics on chat platforms.
The attack involves malicious bash scripts disguised as updates or other files. These scripts are designed to harvest sensitive data, including browser information, iCloud Keychain credentials, and Telegram user data. This information is then exfiltrated to the attackers.
The techniques employed are consistent with other known North Korean hacking activities, suggesting a continued focus on exploiting the growing and lucrative Web3 and crypto sectors. The discovery highlights the need for heightened security awareness and robust protection measures among individuals and organizations operating in these industries, particularly those utilizing macOS devices.
