North Korean hackers use Nim to write malware targeting MAC devices, specifically focusing on cryptocurrency wallets and Telegram data

ChainCatcher news, according to a report released by cybersecurity company Sentinel Labs on Wednesday, North Korean hackers are using a new type of malware targeting Apple devices to attack cryptocurrency companies. The hackers impersonate trusted individuals on instant messaging applications like Telegram, sending fake Zoom update files that actually install malware named "NimDoor."

This malware is written in the rare Nim programming language, which can bypass Apple's memory protection mechanisms and deploy information stealers specifically targeting cryptocurrency wallets and browser passwords. The Nim language is becoming a new favorite among cybercriminals because it can run on Windows, Mac, and Linux without modification, compiles quickly, and is difficult to detect.

The malware also includes scripts capable of stealing the encrypted local database and decryption keys from Telegram, and it waits for 10 minutes before activation to evade security scans.