
North Korea's Lazarus Group Launches Sophisticated Crypto Attack with Novel macOS Malware

Lazarus group's latest attack uses a novel macOS malware, NimDoor, to target cryptocurrency companies. The sophisticated campaign employs social engineering, persistence techniques, and less familiar programming languages to evade detection.



In a recent development, cybersecurity firm SentinelLabs has uncovered a sophisticated attack campaign by the notorious Lazarus group, known for its advanced malware tactics. The North Korean threat actors have been targeting cryptocurrency companies, employing a novel macOS malware called NimDoor.

The campaign, discovered in April 2025, involves a complex multi-stage deployment process. It begins with social engineering, where attackers impersonate trusted contacts on Telegram and use Calendly to schedule meetings. Once access is gained, they deploy NimDoor malware using spear-phishing emails with malicious links.

The malware, written in the less familiar Nim programming language, sets up persistence by installing a macOS LaunchAgent and reinstalling itself upon termination or system reboot. It maintains a foothold through scheduled tasks and registry modifications. Every 30 seconds, the malware beacons to its command-and-control (C2) infrastructure, attempting to post the data it obtains by listing all running processes on the victim machine.
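A fixed 30-second beacon is a detectable cadence. The following is an added example, not code from the article or from SentinelLabs, that groups outbound connections by source and destination and flags flows whose inter-connection gaps cluster tightly around the expected period; the log lines and the `timestamp src dst` field layout are constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not from the article): "timestamp src dst".
# One destination is contacted every 30 seconds; the other at irregular intervals.
SAMPLE_LOG = """\
2025-04-10T12:00:00 10.0.0.5 203.0.113.10:443
2025-04-10T12:00:30 10.0.0.5 203.0.113.10:443
2025-04-10T12:00:31 10.0.0.5 198.51.100.7:443
2025-04-10T12:01:00 10.0.0.5 203.0.113.10:443
2025-04-10T12:01:30 10.0.0.5 203.0.113.10:443
2025-04-10T12:02:00 10.0.0.5 203.0.113.10:443
2025-04-10T12:02:30 10.0.0.5 203.0.113.10:443
2025-04-10T12:05:12 10.0.0.5 198.51.100.7:443
2025-04-10T12:07:45 10.0.0.5 198.51.100.7:443
"""


def parse_log(text):
    """Group connection timestamps by (src, dst) flow."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(flows, period=30.0, tolerance=0.2, min_events=5):
    """Return flows whose gaps between connections cluster around `period` seconds.

    A flow is reported when its median gap is within `tolerance` of `period`
    and the relative spread of the gaps (jitter) is also within `tolerance`.
    """
    hits = {}
    for key, times in flows.items():
        if len(times) < min_events:
            continue
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        median = statistics.median(gaps)
        jitter = statistics.pstdev(gaps) / median if median else float("inf")
        if abs(median - period) <= period * tolerance and jitter <= tolerance:
            hits[key] = {"count": len(times), "median_gap": median, "jitter": jitter}
    return hits


if __name__ == "__main__":
    for flow, info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(flow, info)
```

Legitimate software also polls on fixed timers, so a hit is a lead to triage against the process that owns the connection, not a verdict on its own.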

Lazarus employs an eclectic mix of scripts and binaries written in AppleScript, C++, and Nim, making detection challenging. The use of Nim, unfamiliar to many analysts, adds to the complexity. The attackers also employ novel tactics, techniques, and procedures (TTPs) for persistence and malware deployment.

SentinelLabs' discovery highlights the evolving threat landscape, with North Korean actors like Lazarus adapting their tactics to target cryptocurrency businesses. The use of novel malware like NimDoor, written in less familiar languages, underscores the importance of continuous vigilance and innovative cybersecurity measures.
