North Korean Hackers Use New macOS Virus to Steal Crypto Wallets

Security researchers at SentinelLabs have revealed in a recent report that hackers now use a new and dangerous computer virus is targeting crypto companies through Apple devices. Experts have discovered a backdoor tool called NimDoor. A North Korean hacking group utilizes this malicious tool to steal sensitive data, including passwords and cryptocurrency wallet files. The attack is smartly disguised and manages to bypass many built-in macOS security checks. Hackers Use Telegram and Calendly to Lure Crypto Victims The attack begins with a message sent through Telegram, known to be vulnerable to crypto malware . On the messaging app, hackers pretend to be legitimate contacts, then invite the target to a fake meeting scheduled via Calendly, a widely used calendar tool. As part of the setup, the target is asked to download what appears to be a Zoom update. However, instead of updating the video app, the file installs malware that runs quietly in the background. It sidesteps macOS safety checks by disguising itself as a trusted update. The virus is called NimDoor because it was created using the Nim programming language, which is not commonly used in cyberattacks. This makes it harder for Apple’s security system to recognize and block it. Once NimDoor is installed, it starts stealing sensitive data. It collects saved passwords from web browsers, files from Telegram conversations, and crypto wallet credentials. It also sets up a backdoor, allowing hackers to return later and install more malicious software. SentinelLabs’ Warning to Crypto Firms SentinelLabs has warned crypto-related businesses to strengthen their digital safety. Security experts advise firms to block unsigned installer files and only download Zoom updates from official websites. SentinelLabs experts also recommend checking Telegram contact lists for suspicious profiles, particularly those that send unknown files. It was emphasized that these simple checks can prevent attackers from getting in. Part of a Larger Campaign by DPRK Hackers This new malware attack adds to a long list of recent cybercrimes linked to North Korea ’s notorious hacking group. Just last week, Interchain Labs reported that a North Korean developer had been hired unknowingly to work on a major blockchain project. Recently, the U.S. Department of Justice (DOJ) filed a civil forfeiture to seize $7.74 million worth of crypto linked to North Korean IT workers. It was revealed that these workers pretended to be remote employees, earning money illegally. These criminals usually send the money back to North Korea to help the government avoid sanctions and fund its military programs. According to TRM Labs, North Korean-linked groups stole around $1.6 billion from web3 companies in just the first half of 2025. The biggest hit came in February when Bybit lost $1.5 billion in a single breach . This hack event accounted for over 70% of all crypto losses in that period. The post North Korean Hackers Use New macOS Virus to Steal Crypto Wallets appeared first on TheCoinrise.com .