🔥 BitDegree partnered with Ogvio - a free international money transfer service! Join the waitlist & grab Rewards! 🎁
Crypto News Exploits
NimDoor Malware Slips into Macs via Fake Video Meetings

NimDoor Malware Slips into Macs via Fake Video Meetings

Aaron S. Editor-In-Chief
Written by Aaron S.,
Editor-In-Chief

✓ Fact Checked

Last Updated: July 03, 2025

✓ Fact Checked

Key Takeaways

  • ​North Korean hackers use fake video calls and Zoom updates to sneak malware onto Macs;
  • Once installed, NimDoor steals crypto wallet data, browser logins, and Telegram files;
  • The malware is written in Nim, making it harder to detect and usable across all systems.

Stop overpaying - start transferring money with Ogvio. Join the waitlist & grab early Rewards NOW! 🎁

NimDoor Malware Slips into Macs via Fake Video Meetings

Sentinel Labs has discovered a hacking campaign that uses fake video meetings and disguised software updates to plant malware on Apple computers.

The attacks, linked to groups in North Korea, focus on stealing information from cryptocurrency companies by exploiting trust and targeting macOS users.

The scheme began when a hacker reached out through messaging apps like Telegram as a trusted contact. Then, they suggested a quick video call and sent a Google Meet link, followed by what appears to be a Zoom update file. When opened, the file installs a malware called “NimDoor” on the victim’s Mac.

How to Buy Crypto SAFELY With a Credit Card (Animated)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How to Buy Crypto SAFELY With a Credit Card (Animated)

How to Buy Crypto SAFELY With a Credit Card (Animated) How to Buy Crypto SAFELY With a Credit Card (Animated)

Once installed, NimDoor searches for cryptocurrency wallet keys, saved browser passwords, and other private data. It also runs a script that collects Telegram’s encrypted local database and the keys needed to unlock it.

The malware waits about ten minutes before starting its activity to avoid immediate detection.

The malware was written in Nim, a programming language rarely used in macOS attacks. Nim allows the same malicious code to run on Mac, Windows, and Linux, which means hackers do not need separate versions for each system. It also produces lightweight files that launch fast and leave fewer traces.

Researchers noted that while the social-engineering tactic is familiar, using Nim binaries on macOS is unusual and harder for security tools to recognize.

Recently, Kaspersky researchers Sergey Puzan and Dmitry Kalinin found a new type of malware called SparkKitty. How does the malware work? Read the full story.

Aaron S. Editor-In-Chief
Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.
See Our Experts
Loading...

The Most Liked Crypto News Findings

Looking for more latest crypto news on related topic? We have gathered similar news articles for you to spare your time. Take a look!

Balancer Introduces $8 Million Payout Plan After $116 Million Hack Fallout

Exploits

Balancer Introduces $8 Million Payout Plan After $116 Million Hack Fallout

Malicious Chrome Add-on 'Crypto Copilot' Slips Fees Into Raydium Trades

Exploits

Malicious Chrome Add-on 'Crypto Copilot' Slips Fees Into Raydium Trades

Upbit Halts Solana Transfers After $36 Million Crypto Heist

Exploits

Upbit Halts Solana Transfers After $36 Million Crypto Heist

Latest Crypto News & Videos

Balancer Introduces $8 Million Payout Plan After $116 Million Hack Fallout

Exploits

Balancer Introduces $8 Million Payout Plan After $116 Million Hack Fallout

UK Proposes No-Gain, No-Loss Tax Rules for DeFi Lending and Liquidity

DeFi

UK Proposes No-Gain, No-Loss Tax Rules for DeFi Lending and Liquidity

South Africa Reserve Bank Hits Pause on Retail CBDC Plans

Regulation

South Africa Reserve Bank Hits Pause on Retail CBDC Plans

Remittance Explained: Will This Newcomer Change the Game? (ANIMATED) Remittance Explained: Will This Newcomer Change the Game? (ANIMATED)
VIDEO

Remittance Explained: Will This Newcomer Change the Game? (ANIMATED)

Toobit Tutorial For Beginners (FULL Animated 2025 Guide) Toobit Tutorial For Beginners (FULL Animated 2025 Guide)
VIDEO

Toobit Tutorial For Beginners (FULL Animated 2025 Guide)

Copy Trading Guide for Beginners (ANIMATED EXAMPLES) Copy Trading Guide for Beginners (ANIMATED EXAMPLES)
VIDEO

Copy Trading Guide for Beginners (ANIMATED EXAMPLES)

Trending Crypto News

Bitcoin's stuck… is the breakout coming?

Bitcoin's stuck… is the breakout coming?

South Korea Expands Anti–Money Laundering Regulations for Crypto

South Korea Expands Anti–Money Laundering Regulations for Crypto

Hong Kong Fire Sparks Crypto Fundraiser: Exchanges Race to Aid Victims

Hong Kong Fire Sparks Crypto Fundraiser: Exchanges Race to Aid Victims

IMF Flags Fragmentation and Flash Crash Threats in Tokenized Markets

IMF Flags Fragmentation and Flash Crash Threats in Tokenized Markets

Ledger Square
binance
×
Verified

GET EARLY REWARDS

Join Ogvio Waitlist
Rating
5.0
Get deal
×
BitDegree.org

BitDegree.org

Fact-checking Standards

To ensure the highest level of accuracy & most up-to-date information, BitDegree.org is regularly audited & fact-checked by following strict editorial guidelines & review methodology.
Carefully selected industry experts contribute their real-life experience & expertise to BitDegree's content. Our extensive Web3 Expert Network is compiled of professionals from leading companies, research organizations and academia.

All the content on BitDegree.org meets these criteria:

  • Only authoritative sources like academic associations or journals are used for research references while creating the content.
  • The real context behind every covered topic must always be revealed to the reader.
  • If there's a disagreement of interest behind a referenced study, the reader must always be informed.
Feel free to contact us if you believe that content is outdated, incomplete, or questionable.
×
Subscribe

Subscribe

On Youtube

Understand crypto with ease

New explainer videos every week!