NimDoor macOS Malware Steals Crypto Data, Sends USDC

Security firm SentinelLabs has identified NimDoor, macOS-targeting malware from North Korean hackers who are attempting to attack cryptocurrency companies. The attackers impersonate trusted contacts through Calendly and place a fake Zoom update in a cloned GitHub repo. Installing the fake app delivers two well-concealed binaries written in the Nim language: one collects system and browser data (Arc, Brave, Firefox, Chrome, Edge), while the other maintains persistent access and steals encrypted Telegram messages. The NimDoor macOS malware immediately connects to C2 servers to begin exfiltrating credentials and sensitive information. Blockchain investigator ZachXBT traced monthly transfers reaching 2.76 million USDC from Circle accounts to DPRK developers, some of them linked to Tether-blacklisted addresses, which shows that the campaign has solid financial backing. Infections are mostly confined to a few Web3 businesses, but they show that security threats are growing in the digital asset sector. Traders should confirm Zoom updates through official channels, enable endpoint protection, check digital signatures, keep patches up to date, and carry out proper checks on project teams to reduce risk.
Neutral
As a stablecoin, USDC's peg to the U.S. dollar limits large price swings, even amid concerns that it is supporting DPRK malware operations. In the short term, traders may watch for any collateral or transparency issues at Circle, but major trouble is unlikely. In the long term, Circle's reserves and its compliance with the law should help keep USDC stable and limit market volatility.