North Korean Hackers Use New Mac Malware NimDoor to Target Cryptocurrency Project

Blockbeats

07-03

BlockBeats News, July 3rd. According to a report released on Wednesday by the cybersecurity company Sentinel Labs, North Korean hackers are using a new type of malware targeting Apple devices to attack cryptocurrency companies. The hackers impersonate trusted individuals on instant messaging applications like Telegram, sending fake Zoom update files that actually install malicious software named "NimDoor."

This malware is written in the rare Nim programming language, which can bypass Apple's memory protection mechanism and deploy an information-stealing program specifically targeting cryptocurrency wallets and browser passwords. Nim language, known for its ability to run unmodified on Windows, Mac, and Linux, along with its fast compilation speed and difficulty of detection, is becoming the new favorite of cybercriminals.

The malware also includes a script to steal the Telegram encrypted local database and decryption key, and it waits for 10 minutes before activation to evade security scans.

免责声明：投资有风险，本文并非投资建议，以上内容不应被视为任何金融产品的购买或出售要约、建议或邀请，作者或其他用户的任何相关讨论、评论或帖子也不应被视为此类内容。本文仅供一般参考，不考虑您的个人投资目标、财务状况或需求。TTM对信息的准确性和完整性不承担任何责任或保证，投资者应自行研究并在投资前寻求专业建议。

热议股票

1
2
3
4
5
6
7
8
9
10

{"basename":"/hans","ssrTDKData":{"titleTemplate":"%s - 老虎证券","title":"老虎证券全球投资理财平台| 一站式投资美股新股港股A股","description":"老虎证券助您一站式投资美股，新股，港股，A股等全球金融理财产品。新加坡华人最信赖的在线投资平台，现在加入即享低费用，24/5 无时差炒美股投资理财！","keywords":"老虎证券,老虎证券开户,老虎券商,老虎证券官网,老虎证券app,tigertrade老虎证券,股票,炒股,新加坡股票交易平台,投资,投资理财","social":{"ogDescription":"老虎证券助您一站式投资美股，新股，港股，A股等全球金融理财产品。新加坡华人最信赖的在线投资平台，现在加入即享低费用，24/5 无时差炒美股投资理财！","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/hans/news/2548276768"},"companyName":"老虎证券"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2548276768\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2548276768?lang=zh_CN&edition=fundamental","thumbnail":"","is_english":true,"pubTime":"2025-07-03 14:18","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2548276768","market":"us","top_or_hot":-1,"title":"North Korean Hackers Use New Mac Malware NimDoor to Target Cryptocurrency Project","media":"Blockbeats","content":"<html><body><div><p>BlockBeats News, July 3rd. According to a report released on Wednesday by the cybersecurity company Sentinel Labs, North Korean hackers are using a new type of malware targeting Apple devices to attack cryptocurrency companies. The hackers impersonate trusted individuals on instant messaging applications like Telegram, sending fake <a href=\"https://laohu8.com/S/ZM\">Zoom</a> update files that actually install malicious software named \"NimDoor.\"</p><p>This malware is written in the rare Nim programming language, which can bypass Apple's memory protection mechanism and deploy an information-stealing program specifically targeting cryptocurrency wallets and browser passwords. Nim language, known for its ability to run unmodified on Windows, Mac, and Linux, along with its fast compilation speed and difficulty of detection, is becoming the new favorite of cybercriminals.</p><p>The malware also includes a script to steal the Telegram encrypted local database and decryption key, and it waits for 10 minutes before activation to evade security scans.</p></div></body></html>","source":"theblockbeats_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>North Korean Hackers Use New Mac Malware NimDoor to Target Cryptocurrency Project</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nNorth Korean Hackers Use New Mac Malware NimDoor to Target Cryptocurrency Project\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-07-03 14:18 GMT+8&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//en/flash/301073><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats News, July 3rd. According to a report released on Wednesday by the cybersecurity company Sentinel Labs, North Korean hackers are using a new type of malware targeting Apple devices to ...</p>\n\n<a href=\"https://www.theblockbeats.info//en/flash/301073\">网页链接</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"IE00BKVL7J92.USD","symbol_name":"Legg Mason ClearBridge - US Equity Sustainability Leaders A Acc USD","start_time":0,"source_url":"https://www.theblockbeats.info//en/flash/301073","article_id":"2548276768","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2548276768","pubTimestamp":1751523480,"columns":[],"sourceInfo":{"source_id":"theblockbeats_live","name":"Blockbeats快讯"},"weMediaInfo":null,"summary":"BlockBeats News, July 3rd. According to a report released on Wednesday by the cybersecurity company Sentinel Labs, North Korean hackers are using a new type of malware targeting Apple devices to attack cryptocurrency companies. The hackers impersonate trusted individuals on instant messaging applications like Telegram, sending fake Zoom update files that actually install malicious software named \"NimDoor.\"This malware is written in the rare Nim programming language, which can bypass Apple's memory protection mechanism and deploy an information-stealing program specifically targeting cryptocurrency wallets and browser passwords. Nim language, known for its ability to run unmodified on Windows, Mac, and Linux, along with its fast compilation speed and difficulty of detection, is becoming the new favorite of cybercriminals.The malware also includes a script to steal the Telegram encrypted local database and decryption key, and it waits for 10 minutes before activation to evade security sc","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"en","relate_stocks":{"IE00BKVL7J92.USD":"Legg Mason ClearBridge - US Equity Sustainability Leaders A Acc USD","MACW.SI":"APPLE 3xLongSG261006","IE0004445015.USD":"JANUS HENDERSON BALANCED \"A2\" (USD) ACC","LU1935043536.SGD":"MANULIFE GF GLOBAL MULTI-ASSET DIVERSIFIED INCOME \"AA\" (SGDHDG) INC A","LU1242518931.SGD":"Fullerton Lux Funds - Asia Absolute Alpha A Acc SGD","LU1732800096.USD":"摩根大通环球收益基金A (irc)","LU1551013425.SGD":"Allianz Income and Growth Cl AMg2 DIS H2-SGD","LU0175139822.USD":"AB FCP I Global Equity Blend A USD","LU0345769631.USD":"NINETY ONE GSF GLOBAL EQUITY \"A\" (USD) INC","BK4505":"高瓴资本持仓","LU1803068979.SGD":"FTIF - Franklin Technology A (acc) SGD-H1","LU1066053197.SGD":"HSBC GIF GLOBAL EQUITY VOLATILITY FOCUSED \"AM3\" (SGDHDG) INC","BK4577":"网络游戏","LU1917777945.USD":"安联专题基金Cl AT Acc","LU2028103732.USD":"ALLIANZ GLOBAL SUSTAINABILITY \"AMG\" (USD) INC","BK4559":"巴菲特持仓","ZM":"Zoom","LU1003077747.HKD":"BGF GLOBAL EQUITY INCOME \"A6\" (HKDHDG) INC","LU0316494557.USD":"FRANKLIN GLOBAL FUNDAMENTAL STRATEGIES \"A\" ACC","LU0238689110.USD":"贝莱德环球动力股票基金","LU0170899867.USD":"EASTSPRING INVESTMENTS WORLD VALUE EQUITY  \"A\" (USD) ACC","LU0345774631.USD":"NINETY ONE GSF AMERICAN FRANCHISE \"A\" (USD) INC","BK4507":"流媒体概念","IE00BJJMRX11.SGD":"Janus Henderson Balanced A Acc SGD","LU1506573853.SGD":"MANULIFE GF GLOBAL EQUITY \"AA\" (SGD) INC","LU1721428933.USD":"法巴全球经典环境基金RH MD Dis","LU0079474960.USD":"联博美国增长基金A","BK4525":"远程办公概念","LU2054465674.USD":"UBS (LUX) KEY SELEC SICAV DIGITAL TRANSFORMATION T \"P\" (USD) ACC","IE00BK4W5M84.HKD":"HSBC GLOBAL FUNDS ICAV US EQUITY INDEX \"HC\" (HKD) ACC","IE0009G5SDU7.USD":"PIMCO BALANCED INCOME AND GROWTH \"M\" (USD) INC","AAPL":"苹果","LU2265009873.SGD":"Eastspring Investments - Global Growth Equity AS SGD-H","LU2403377893.USD":"ALLIANZ SELECT INCOME AND GROWTH \"AM\" (USD) INC","LU0511384066.AUD":"SUSTAINABLE GLOBAL THEMATIC PORTFOLIO \"A\" (AUDHDG) ACC","LU0323240290.USD":"HSBC GIF GLOBAL EQUITY CLIMATE CHANGE \"AD\" INC","LU0308772762.SGD":"Blackrock Global Allocation A2 SGD-H","IE000ITXATA3.USD":"PIMCO BALANCED INCOME AND GROWTH \"M\" (USD) ACC","BK4501":"段永平概念","LU0943347566.SGD":"安联收益及增长平衡基金AM H2-SGD","IE00BMPRXQ63.HKD":"NEUBERGER BERMAN NEXT GENERATION CONNECTIVITY FUND \"A\" (HKDHDG) ACC","LU2097344357.USD":"SCHRODER ISF SUSTAINABLE MULTI-ASSET INCOME \"A\" (USDHDG) ACC","LU0128525929.USD":"TEMPLETON GLOBAL \"A\" (USD) ACC","IE000YTNTUN2.SGD":"PIMCO BALANCED INCOME AND GROWTH \"M\" (SGDHDG)INC","LU2271345857.HKD":"ALLIANZ GLOBAL SUSTAINABILITY \"AT\" (HKD) ACC","LU1291159041.SGD":"CPR Invest - Global Silver Age A2 Acc SGD-H","IE00BYQQ9H92.USD":"BNY MELLON GLOBAL LEADERS \"A\" (USD) ACC","IE0004445239.USD":"JANUS HENDERSON US FORTY \"A2\" (USD) ACC","LU0642271901.SGD":"Janus Henderson Horizon Global Technology Leaders A2 SGD-H"},"translate_title":"朝鲜黑客使用新的Mac恶意软件NimDoor攻击加密货币项目","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"AAPL":1,"MACW.SI":0.6,"ZM":1},"content_text":"BlockBeats News, July 3rd. According to a report released on Wednesday by the cybersecurity company Sentinel Labs, North Korean hackers are using a new type of malware targeting Apple devices to attack cryptocurrency companies. The hackers impersonate trusted individuals on instant messaging applications like Telegram, sending fake Zoom update files that actually install malicious software named \"NimDoor.\"This malware is written in the rare Nim programming language, which can bypass Apple's memory protection mechanism and deploy an information-stealing program specifically targeting cryptocurrency wallets and browser passwords. Nim language, known for its ability to run unmodified on Windows, Mac, and Linux, along with its fast compilation speed and difficulty of detection, is becoming the new favorite of cybercriminals.The malware also includes a script to steal the Telegram encrypted local database and decryption key, and it waits for 10 minutes before activation to evade security scans.","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"code":"91000000","status":"200"}}}