
Hackers Trick Crypto Firms with Fake Zoom Updates

Thu Jul 03 2025

Advanced Malware NimDoor Steals Data and Evades Detection

North Korean state-backed operators are targeting cryptocurrency start-ups with a new lure: fake Zoom software updates that, once run, compromise the victim's Mac. The malware, dubbed NimDoor, is assembled from components written in several programming languages (including Nim, from which it takes its name), a mix that gives signature-based security tools little to match against and helps it steal data while staying out of sight.

The Hacking Process

  1. Initial Contact:

    • The attackers approach the target on Telegram, posing as someone the target already knows.
    • The target is asked to book a call through a Calendly link.
  2. Fake Update Delivery:

    • A follow-up email carries a link for the supposed meeting.
    • The link leads to a download that is presented as a Zoom update; no Zoom vulnerability is involved, the attack depends on the user running the file.
  3. Malware Execution:

    • When the user runs the fake update, NimDoor is installed.
    • It opens a covert connection to a server under the attackers' control.
    • It sets up persistence so that it survives reboots and attempts to delete it.
  4. Data Theft:

    • NimDoor runs scripts that collect:
      • Passwords
      • Browser data
      • Telegram messages
    • The stolen material is used for financial theft or as a foothold for further breaches.

Key Takeaways

  • The attackers are investing in more advanced tooling than earlier crypto-targeting campaigns.
  • Building the toolset from several languages leaves detection tools with fewer familiar patterns to match.
  • Caution is needed even when a file arrives from a contact who seems familiar, since the whole chain rests on impersonation.
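The article says NimDoor survives reboots and deletion attempts but not how. On macOS the usual way to achieve that is a launchd job (a LaunchAgent or LaunchDaemon plist), so the following triage script, an added example that is not the article's or any vendor's code, assumes that mechanism and flags jobs with the shape malware persistence typically has: an interpreter launched with inline arguments, a hidden or temporary path, and RunAtLoad combined with KeepAlive (which relaunches the process the moment it is killed). The two sample plists at the bottom are constructed for the example, not recovered from the malware, and the label `com.zoom.update` is a placeholder.

```python
"""Triage launchd property lists for persistence that looks like malware.

Added example for this page, not code from the article or any vendor.
The page says NimDoor survives reboots and deletion attempts but not how;
launchd LaunchAgents/LaunchDaemons are the usual macOS mechanism for that,
so this script assumes that and flags jobs whose shape is typical of
malware. The sample plists at the bottom are constructed for the example.
"""
import os
import plistlib
from typing import Dict, List

# Where launchd picks up jobs at boot and at login.
LAUNCH_DIRS = [
    os.path.expanduser("~/Library/LaunchAgents"),
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
]
# Legitimate software rarely persists from these locations.
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/folders/", "/Users/Shared/")
INTERPRETERS = ("/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/osascript", "/usr/bin/python3")


def job_argv(plist: Dict) -> List[str]:
    """launchd runs Program (if set) with ProgramArguments as argv; return the effective argv."""
    args = [str(a) for a in plist.get("ProgramArguments") or []]
    prog = plist.get("Program")
    if prog:
        return [str(prog)] + args[1:]
    return args


def assess_job(plist: Dict) -> List[str]:
    """Return the reasons a job looks suspicious; an empty list means nothing found."""
    reasons: List[str] = []
    argv = job_argv(plist)
    if not argv:
        return ["job has no Program or ProgramArguments"]
    for arg in argv:
        path = os.path.expanduser(arg)
        if path.startswith(TEMP_DIRS):
            reasons.append(f"references temp/shared directory: {arg}")
        if "/." in path:  # a dot-directory anywhere in the path
            reasons.append(f"references hidden path: {arg}")
    if argv[0] in INTERPRETERS and len(argv) > 1:
        reasons.append(f"interpreter {argv[0]} launched with inline arguments")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive: relaunched immediately if the process is killed")
    return reasons


def assess_xml(data: bytes) -> List[str]:
    """Convenience wrapper for a plist held in memory."""
    return assess_job(plistlib.loads(data))


def scan(dirs: List[str] = LAUNCH_DIRS) -> Dict[str, List[str]]:
    """Walk the launchd directories on a live Mac and collect findings per plist."""
    findings: Dict[str, List[str]] = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(d, name)
            try:
                with open(path, "rb") as fh:
                    plist = plistlib.load(fh)
            except Exception as exc:  # an unparseable plist is itself worth a look
                findings[path] = [f"could not parse plist: {exc}"]
                continue
            reasons = assess_job(plist)
            if reasons:
                findings[path] = reasons
    return findings


# Constructed sample plists (not recovered from NimDoor): one ordinary agent
# and one with the shape of a malware persistence entry.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>Program</key><string>/Applications/Example.app/Contents/MacOS/helper</string>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.zoom.update</string>
  <key>ProgramArguments</key><array>
    <string>/bin/zsh</string><string>-c</string>
    <string>~/Library/.zoomupdate/agent</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    print("benign:", assess_xml(BENIGN_PLIST))
    print("suspicious:", assess_xml(SUSPICIOUS_PLIST))
    for path, reasons in scan().items():
        print(path, reasons)
```

Run it on the Mac being examined to list flagged plists; pair it with `launchctl list`, since a job that is already loaded keeps running even if its plist is deleted, and malware that re-creates its own files will only be stopped once the running process is unloaded first.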

Security Recommendations

  • Install Zoom updates only through the application's own update mechanism or from zoom.us, never from a link received over Telegram, email or a calendar invite; on macOS, confirm that a downloaded installer carries the vendor's Developer ID signature before running it.
  • Keep software up to date to close known vulnerabilities, while remembering that this campaign exploits none: a fully patched Mac is still compromised if the user runs the file.
  • Verify unexpected meeting requests through a second channel, since the initial contact impersonates someone the target knows.
  • Use strong, unique passwords with phishing-resistant multi-factor authentication, and treat every credential, browser session and Telegram session on a suspected machine as exposed: rotate them and sign out all other sessions, because NimDoor steals stored secrets rather than guessing them.
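The first recommendation above, checking who signed a downloaded installer, can be automated. The script below is an added example, not code from the article or from Zoom: it parses the output of `codesign -dv --verbose=4` (which macOS prints on stderr) and accepts an app only if it is Developer ID-signed, chains to Apple Root CA, and carries the Team ID of a known-good install. The page does not state Zoom's Team ID, so it is a parameter (obtain it by running `codesign -dv` against an existing installation, not from a downloaded file), and the sample outputs are constructed with placeholder Team IDs. Note the third case: a perfectly valid Developer ID signature from a different team is still a rejection, because anyone can obtain a Developer ID.

```python
"""Verify that a downloaded macOS app is signed by the vendor you expect.

Added example for this page, not code from the article or from Zoom.
It parses the output of `codesign -dv --verbose=4` (printed on stderr)
and compares the TeamIdentifier with the Team ID of a known-good install.
The page does not give Zoom's Team ID, so it is a parameter here; the
sample outputs below are constructed and use placeholder Team IDs.
"""
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class SignatureInfo:
    identifier: Optional[str] = None
    team_id: Optional[str] = None          # None when unsigned or ad-hoc signed
    authorities: List[str] = field(default_factory=list)


def parse_codesign_output(text: str) -> SignatureInfo:
    """Pull the fields that matter out of codesign's key=value lines."""
    info = SignatureInfo()
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Identifier":
            info.identifier = value
        elif key == "TeamIdentifier":
            info.team_id = None if value == "not set" else value
        elif key == "Authority":
            info.authorities.append(value)
    return info


def is_trusted_update(info: SignatureInfo, expected_team_id: str) -> Tuple[bool, str]:
    """True only for a Developer ID signature from the expected team that chains to Apple."""
    if info.team_id is None:
        return False, "unsigned or ad-hoc signed (no TeamIdentifier)"
    if info.team_id != expected_team_id:
        # A valid Developer ID belonging to someone else is still not the vendor's.
        return False, f"TeamIdentifier {info.team_id} is not the expected {expected_team_id}"
    if not any(a.startswith("Developer ID Application:") for a in info.authorities):
        return False, "leaf certificate is not a Developer ID Application certificate"
    if "Apple Root CA" not in info.authorities:
        return False, "certificate chain does not end at Apple Root CA"
    return True, "signed by expected team"


def check_app(path: str, expected_team_id: str) -> Tuple[bool, str]:
    """macOS only: check the bundle's integrity first, then who signed it."""
    verify = subprocess.run(
        ["codesign", "--verify", "--deep", "--strict", path],
        capture_output=True, text=True, check=False,
    )
    if verify.returncode != 0:
        return False, "codesign --verify failed: " + verify.stderr.strip()
    display = subprocess.run(
        ["codesign", "-dv", "--verbose=4", path],
        capture_output=True, text=True, check=False,
    )
    return is_trusted_update(parse_codesign_output(display.stderr), expected_team_id)


# Constructed samples in codesign's output format; Team IDs are placeholders,
# not any vendor's real Team ID.
GENUINE_SAMPLE = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
Authority=Developer ID Application: Example Vendor, Inc. (EXAMPLE001)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXAMPLE001
"""

ADHOC_SAMPLE = """\
Executable=/Users/victim/Downloads/ZoomUpdate.app/Contents/MacOS/ZoomUpdate
Identifier=ZoomUpdate
Format=app bundle with Mach-O thin (arm64)
Signature=adhoc
TeamIdentifier=not set
"""

# Properly signed, but by an unrelated team: still rejected.
OTHER_TEAM_SAMPLE = GENUINE_SAMPLE.replace("EXAMPLE001", "OTHER00001")

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE_SAMPLE), ("ad-hoc", ADHOC_SAMPLE), ("other team", OTHER_TEAM_SAMPLE)):
        print(name, is_trusted_update(parse_codesign_output(sample), "EXAMPLE001"))
```

For a `.pkg` installer rather than an app bundle, the equivalent display command is `pkgutil --check-signature`, whose output format differs, so the parser above applies to `.app` bundles and bare Mach-O binaries only.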

Discussion Questions

  • How do the tactics used in this attack compare to those used in previous macOS malware campaigns?
  • What are the ethical implications of using social engineering tactics in cybersecurity research and reporting?
  • How can the cybersecurity industry balance the need for transparency with the risk of providing too much information to potential attackers?