- By using Nim, miscreants can bypass traditional AV measures
- They approach their victims on Telegram and invite them to a Zoom meeting
- Malware steals sensitive data and crypto tokens
North Koreans are targeting Mac users with brand new malware in an attempt to steal cryptocurrency and other sensitive data, experts have warned.
Security researchers from SentinelLabs discovered NimDoor, a unique backdoor malware written in a lesser-known programming language called Nim, which they attributed to North Korea's state-sponsored actors who primarily engage in cryptocurrency theft, the proceeds of which are then used to fund both the country's state apparatus and its weapons program.
Nim is used primarily to avoid detection. The backdoor also uses AppleScript for beaconing and asynchronous sleep timers, fooling traditional security measures and maintaining persistence.
Alarming evolution
The attack usually starts on Telegram, where the victims are contacted by a seemingly trusted contact and invited to a fake Zoom meeting.
The link redirects the victim to a counterfeit Zoom page asking them to install an update to participate in the call. Instead of the update, the victims receive the malicious payload, which steals all sorts of sensitive data, from browser history, search activity and cookies to Telegram data and keychain passwords.
“This represents an alarming development in North Korean cyber functions, especially because it specifically utilizes the growing remote processing trend and Mac users’ perceived lower vulnerability to such attacks,” the researchers explained.
North Korean state-sponsored threat actors are known for their campaigns aimed at cryptocurrency and web3 companies. Among the largest and most dangerous groups is Lazarus, a threat actor who stole more than $3.4 billion in various attacks between 2021 and 2025.
Among the biggest heists is the Bybit attack, which happened in February 2025, when they stole approx. 1.5 billion dollars in various tokens. Ronin Bridge was compromised in March 2022 for $600 million, while Poly Network lost about the same amount the year before.



