North Korean Hackers Target Mac Crypto Wallets with New NimDoor Malware

A newly discovered malware strain named NimDoor is raising alarms across the crypto community — especially for users on macOS.

Researchers have traced the malware to North Korean state-backed hacking groups, who are now targeting cryptocurrency holders with a surprisingly sophisticated campaign. 

The attackers use social engineering to send fake Zoom updates via platforms like Telegram and Google Meet, tricking users into installing what seems like a video conferencing update — but is actually a custom-built backdoor.

Written in the obscure Nim programming language, NimDoor is difficult for antivirus tools to detect. 

Once installed, it quietly exfiltrates sensitive data like browser-stored passwords, Telegram session data, and most critically, crypto wallet credentials. 

It even monitors clipboard content, looking for seed phrases or wallet addresses.

The malware reinstalls itself whenever it’s shut down, making it particularly hard to remove once embedded.

Crypto Wallets Are the Prime Target

The rise of malware like NimDoor reflects a growing trend: cybercriminals aren’t just chasing passwords anymore — they’re going straight for crypto wallets.

NimDoor is engineered to target browser-based wallets, insecure key storage, and users who copy and paste sensitive information like private keys or seed phrases.

If you’re relying on a browser extension or an exchange wallet, you’re especially at risk. These platforms store data in predictable places — which is exactly what this kind of malware is designed to exploit.

While macOS has historically been seen as a more secure operating system, NimDoor proves that no system is immune when attackers are this determined.

How to Protect Your Crypto in 2025

As these threats evolve, the best defense remains the same: self-custody combined with strong operational habits — also known as wallet hygiene.

Wallet hygiene refers to the daily habits that protect your keys, like how you store seed phrases, copy addresses, and use secure wallets.

Here are a few best practices to reduce your risk:

  • Avoid browser wallets that store keys in local storage or are accessible through your browser profile.
  • Use hardware wallets or self-custody mobile wallets with secure enclaves and biometric access.
  • Never store your seed phrase on your computer, clipboard, screenshots, or cloud storage.
  • Update your OS and antivirus software regularly — and never install Zoom updates from unverified links or chat messages.

Staying secure in 2025 means understanding that threats are evolving — and that wallet hygiene, storage practices, and update sources all matter.

Crypto self-custody remains a powerful form of control, but only when managed with care and awareness of the risks.

Don’t Wait for a Wake-Up Call

NimDoor is just the latest example of how quickly the threat landscape is evolving — and how crypto holders are becoming prime targets. This isn’t just about one piece of malware. It’s about a fundamental shift in how hackers operate: stealthier code, more believable traps, and a relentless focus on digital assets.

Staying safe doesn’t mean being paranoid — it means being prepared. Understanding how these threats work is the first step.

How to Secure Your Crypto Tokens

Whether you’re holding a little or a lot, using secure, self-custody solutions isn’t just part of the game – it’s the game on which everything else is built.

Among the best options to fully secure your crypto tokens is Best Wallet, a comprehensive no-KYC solution that gives users full control over their assets, making it immune to increasing wallet-targeted scams. 

Most importantly, its security-focused design, powered by the integration of Fireblocks, ensures that there is no single point of failure that cyber criminals can exploit. 

Other key security measures like unique passcodes, biometric and two-factor authentication, regular security updates and communication through its social media channels, and many more, help protect users against phishing, malware, and drainer attacks that continue to spread across the crypto space. 

But security is just one of the key elements that have solidified Best Wallet’s market position. Best Wallet also stands out by offering advanced trading features, beyond basic wallet capabilities like storage, cross-chain swaps, and fiat payment. 

Some of the elevated features on the Best Wallet app include a staking aggregator, token launchpad, gas token-free transactions, MEV protection, iGaming, derivatives trading, portfolio tracking, and a whole lot more, making it a one-stop shop for everything crypto.

And as the market matures and security risks grow harder to ignore, experts believe trusted self-custody tools like Best Wallet have become more critical than ever.  

This article has been provided by one of our commercial partners and does not reflect Cryptonomist’s opinion. Please be aware our commercial partners may use affiliate programs to generate revenues through the links on this article.

Source: https://en.cryptonomist.ch/2025/07/04/north-korean-hackers-target-mac-crypto-wallets-with-new-nimdoor-malware-how-to-secure-your-tokens/