North Korean hackers target crypto with Mac malware ‘NimDoor’

North Korean hackers are using new strains of malware aimed at Apple devices as part of a cyberattack campaign targeting crypto companies.
According to a report on Wednesday from cybersecurity company Sentinel Labs, attackers impersonate a trusted contact on messaging apps such as Telegram, then request a fake meeting via a Google Meet link before sending what appears to be a Zoom update file to the victim.
NimDoor targets Mac computers
Once the “update” is executed, the payload installs malware called “NimDoor” on Mac computers, which targets crypto wallets and browser passwords.
Previously, it was widely believed that Mac computers were less susceptible to hacks and exploits, but this is no longer the case.
Although the attack vector is relatively common, the malware is written in an unusual programming language called Nim, which makes it harder for security software to detect.
“Although the early stages of the attack follow a familiar DPRK pattern using social engineering, lure scripts and fake updates, the use of Nim binaries on macOS is an unusual choice,” the researchers said.
Nim is a relatively new and uncommon programming language that has become popular with cybercriminals because it can run on Windows, Mac and Linux without changes, which means that attackers can write one piece of malware that works everywhere.
Nim also compiles quickly to code and creates standalone executable files, and it is very difficult to detect.
The researchers said that North Korean-aligned threat actors had previously experimented with the Go and Rust programming languages, but Nim offers significant advantages.
Infostealer payload
The payload contains a credential stealer “designed to silently extract browser and system-level information and package it,” they said.
There is also a script that steals the local Telegram database and its decryption keys.
It also uses smart timing, waiting ten minutes before activating to avoid detection by scanners.
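The ten-minute delay matters to defenders because a scan that watches a newly launched file for only a few minutes sees nothing. The following is an added example, not code from the Sentinel Labs report or from this article: it ties file reads back to the process tree that started from a downloaded file, however late they happen. All events, PIDs and paths are constructed, and the path fragments are assumptions.

```python
from datetime import datetime

# Assumed path fragments for the data the article says is targeted.
SENSITIVE = {
    "browser": "/Library/Application Support/Google/Chrome/",
    "telegram": "Telegram",
    "keychain": "/Library/Keychains/",
}

# Constructed telemetry: (time, pid, parent pid, event, path).
CHROME_DB = "/Users/a/Library/Application Support/Google/Chrome/Default/Login Data"
EVENTS = [
    ("10:00:00", 410, 1, "exec", "/Users/a/Downloads/zoom_update"),
    ("10:00:02", 411, 410, "exec", "/private/tmp/helper"),
    ("10:03:10", 300, 1, "read", CHROME_DB),  # the browser reading its own store
    ("10:10:05", 411, 410, "read", CHROME_DB),
    ("10:10:09", 411, 410, "read", "/Users/a/Library/Group Containers/Telegram/db"),
]

def _t(stamp):
    return datetime.strptime(stamp, "%H:%M:%S")

def correlate(events, window_min=None):
    """Map each download-launched root pid to (seconds until first sensitive
    read, categories read) across its whole process tree. window_min models a
    scanner that stops watching that many minutes after launch."""
    root_of, started, hits = {}, {}, {}
    for stamp, pid, ppid, kind, path in sorted(events):
        if kind == "exec":
            if ppid in root_of:              # child inherits the tree's root
                root_of[pid] = root_of[ppid]
            elif "/Downloads/" in path:      # new tree rooted at a download
                root_of[pid], started[pid] = pid, _t(stamp)
            continue
        root = root_of.get(pid)
        if kind != "read" or root is None:
            continue                         # not part of a tracked tree
        delay = (_t(stamp) - started[root]).total_seconds()
        if window_min is not None and delay > window_min * 60:
            continue                         # outside the observation window
        for cat, frag in SENSITIVE.items():
            if frag in path:
                first, cats = hits.get(root, (delay, set()))
                hits[root] = (first, cats | {cat})
    return hits

if __name__ == "__main__":
    print("5-minute watch:", correlate(EVENTS, window_min=5))
    print("full correlation:", correlate(EVENTS))
```

The browser's own read at 10:03 is ignored because its process does not descend from the downloaded file, so only the delayed reads by the child process are reported.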
Macs get viruses too
A cybersecurity solutions provider reported in June that similar malware incursions were linked to a North Korean state-sponsored hacking group.
The researchers stated that the malware was interesting because it was able to bypass Apple’s memory protections to inject the payload.
The malware is used for keylogging, screen recording and clipboard retrieval, and it also contains a “full-featured infostealer” called Cryptobot, which has a “focus on cryptocurrency theft.” The infostealer penetrates browser extensions, looking for wallet plugins.
This week, blockchain security firm SlowMist alerted users to a “massive malicious campaign” involving dozens of fake Firefox extensions designed to steal cryptocurrency wallet credentials.
“Over the past few years, we have seen macOS become a larger target for threat actors, especially with regard to highly sophisticated, state-sponsored attackers.” The myth that Macs do not get viruses no longer holds.