
Hackers Trick Crypto Firms with Fake Zoom Updates

Thursday, July 3, 2025

Advanced Malware NimDoor Steals Data and Evades Detection

North Korean hackers have developed a new method to target crypto startups, utilizing fake Zoom updates to infiltrate Mac computers. The malware, dubbed NimDoor, employs a sophisticated blend of programming languages to pilfer data and remain undetected.

The Hacking Process

  1. Initial Contact:

    • Hackers initiate contact via Telegram, impersonating acquaintances.
    • Victims are prompted to schedule a call using Calendly.

  2. Fake Update Deployment:

    • A phishing email containing a fake Zoom link is sent.
    • The link directs users to a malicious file disguised as a Zoom update.

  3. Malware Execution:

    • Upon downloading and running the fake update, NimDoor activates.
    • It establishes a hidden connection to a hacker-controlled server.
    • The malware ensures persistence, surviving reboots and deletion attempts.

  4. Data Theft:

    • NimDoor deploys scripts to steal:
        • Passwords
        • Browser data
        • Telegram messages
    • Stolen information is used for financial theft or further data breaches.

  • Hackers are increasingly adopting advanced techniques.
  • The use of multiple programming languages complicates detection.
  • Users must exercise caution when downloading files, especially from unknown sources.

Security Recommendations

  • Verify software updates before installation.
  • Keep software up to date to patch vulnerabilities.
  • Use strong, unique passwords to safeguard accounts.
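The first recommendation, verifying an update before installing it, is easy to state and easy to skip. The script below is an added example written for this page; it is not code from the article, from Zoom, or from the researchers who analysed NimDoor. It applies two checks a defender can run on any downloaded installer before opening it: the file's SHA-256 must match the hash the vendor publishes for that release, and the file's real content type must agree with what its name claims, so a "Zoom update" named like a .pkg that is actually a shell script is rejected. The sample files and the "vendor hash" are constructed for the demo; the format signatures are the published magic bytes of those file types. On a real Mac the same intent is normally served by Apple's codesign and spctl tools, which are not reproduced here.

```python
"""Pre-installation checks for a downloaded 'update' file (added example).

Check 1: the SHA-256 of the download must equal the vendor-published hash.
Check 2: the bytes on disk must match the file type the name claims.
The vendor hash and the sample files below are constructed for this demo.
"""
import hashlib
import os

# Leading magic bytes of installer and binary formats common on macOS.
# These are the formats' published signatures, not values from the article.
MAGIC = {
    b"xar!": "pkg (xar archive)",
    b"PK\x03\x04": "zip archive",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal (fat)",
}

# Which content types are acceptable for a given claimed extension.
EXPECTED_TYPES = {
    ".pkg": {"pkg (xar archive)"},
    ".dmg": {"dmg (disk image)"},
    ".zip": {"zip archive"},
}


def identify(data: bytes) -> str:
    """Return a coarse content type derived from the file's bytes, not its name."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    # Apple disk images carry a 512-byte 'koly' trailer at the very end.
    if data[-512:].startswith(b"koly"):
        return "dmg (disk image)"
    if data.startswith(b"#!"):
        return "script (shebang)"
    return "unknown"


def check_update(filename: str, data: bytes, vendor_sha256: str) -> dict:
    """Run both checks and return a verdict plus the reasons for any rejection."""
    reasons = []

    actual = hashlib.sha256(data).hexdigest()
    if actual != vendor_sha256.lower():
        reasons.append("sha256 mismatch with vendor-published hash")

    kind = identify(data)
    ext = os.path.splitext(filename)[1].lower()
    allowed = EXPECTED_TYPES.get(ext)
    if allowed is not None and kind not in allowed:
        reasons.append(f"content is {kind}, not a {ext} file")
    if kind == "script (shebang)":
        reasons.append("update is a shell script; installers should not be")

    return {"ok": not reasons, "type": kind, "sha256": actual, "reasons": reasons}


# Constructed samples (not real files): a minimal pkg-style header standing in
# for a genuine installer, and a shell script renamed to look like an update.
GOOD_PKG = b"xar!" + b"\x00" * 60
GOOD_PKG_SHA256 = hashlib.sha256(GOOD_PKG).hexdigest()  # plays the vendor's hash
FAKE_PKG = b"#!/bin/sh\necho 'pretend installer'\n"

if __name__ == "__main__":
    for name, blob in (("ZoomInstaller.pkg", GOOD_PKG), ("ZoomUpdate.pkg", FAKE_PKG)):
        verdict = check_update(name, blob, GOOD_PKG_SHA256)
        status = "OK" if verdict["ok"] else "REJECT"
        print(f"{name}: {status} ({verdict['type']}) {verdict['reasons']}")
```

The type check matters because the hash check alone only helps when the user actually fetched the vendor's hash from the vendor's site; a file whose extension and contents disagree is suspicious even before any hash is consulted.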
