{"id":137721,"date":"2026-07-05T12:58:11","date_gmt":"2026-07-05T05:58:11","guid":{"rendered":"https:\/\/bitcoinvn.io\/insights\/?p=137721"},"modified":"2026-07-05T12:58:11","modified_gmt":"2026-07-05T05:58:11","slug":"nimdoor-macos-attack","status":"publish","type":"post","link":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/","title":{"rendered":"NimDoor Post-Mortem: A Sophisticated macOS Attack on Crypto Targets\u00a0"},"content":{"rendered":"<p><b><i>NimDoor<\/i><\/b><i><span style=\"font-weight: 400;\"> is a macOS malware family linked to DPRK-affiliated threat actors that was deployed against Web3 organizations and cryptocurrency businesses. While the original disclosure is no longer recent news, it remains a valuable case study in how sophisticated attackers continue to evolve their techniques against the digital asset industry.\u00a0<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">NimDoor employed multiple techniques to evade analysis, maintain persistence, and complicate incident response. According to SentinelOne, the malware injected malicious code into legitimate processes, established multiple persistence mechanisms, encrypted its communications with command-and-control (C2) infrastructure, and selectively harvested browser data, Apple Keychain items, Telegram data, and other sensitive information.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Several of these techniques are relatively uncommon on macOS and demonstrate that sophisticated threat actors continue to invest heavily in malware specifically designed for Apple&#8217;s ecosystem. The campaign serves as a reminder that choosing macOS alone is not sufficient protection against well-resourced attackers.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-137726 size-full\" src=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-5.webp\" alt=\"\" width=\"800\" height=\"533\" srcset=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-5.webp 800w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-5-300x200.webp 300w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-5-768x512.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/p>\n<h2><b>Attack Chain &amp; Key Techniques<\/b><\/h2>\n<h3><b>Initial access<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The attack begins with a targeted social engineering campaign. Attackers impersonate a trusted contact on Telegram, invite the victim to schedule a meeting through Calendly, and ultimately persuade them to visit a fake Zoom-related update page before joining the call.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-137724 size-full\" src=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-3.webp\" alt=\"\" width=\"800\" height=\"533\" srcset=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-3.webp 800w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-3-300x200.webp 300w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-3-768x512.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Victims are then directed to a phishing page disguised as a <\/span><b>Zoom SDK update<\/b><span style=\"font-weight: 400;\">, which delivers a malicious AppleScript file named <\/span><b>zoom_sdk_support.scpt<\/b><span style=\"font-weight: 400;\"> from a domain impersonating Zoom. Once executed, the script connects to the attackers\u2019 command-and-control (C2) infrastructure, downloads additional payloads, and initiates the next stages of the compromise.<\/span><\/p>\n<h3><b>What happened after infection<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Once the victim executed the malicious AppleScript, the attack moved from social engineering into malware execution. The script downloaded additional malware components, one of which injected malicious code into another process while additional malware components established persistence mechanisms designed to help the malware remain active across system restarts.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The malware communicated with attacker-controlled command-and-control (C2) infrastructure, allowing the operators to issue further instructions, retrieve additional modules, and maintain access to the compromised system.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Most importantly for cryptocurrency users, NimDoor was designed to collect sensitive information from the infected machine. This included browser data, Apple Keychain items, shell history, Telegram application data, and other artifacts that could help attackers hijack accounts, steal credentials, or move deeper into a victim\u2019s operational environment.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-137723 size-full\" src=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-2.webp\" alt=\"\" width=\"800\" height=\"533\" srcset=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-2.webp 800w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-2-300x200.webp 300w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-2-768x512.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/p>\n<h2><b>The Human Element: NimDoor&#8217;s Real Attack Vector\u00a0<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The most important lesson from the NimDoor campaign is that the attackers did not initially exploit a vulnerability in macOS. Instead, they exploited <\/span><b>human trust<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Victims were carefully approached on Telegram by attackers impersonating trusted contacts, invited to schedule a meeting through Calendly, and ultimately persuaded to install what appeared to be a legitimate Zoom SDK update. Only after the victim voluntarily executed the malware did the technical stages of the attack begin.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For cryptocurrency users, the primary lesson is clear: a single moment of inattention is often your greatest security risk.<\/span><b> Unless you have systems in place to cleanly separate your critical infrastructure and signing capabilities from your primary work and browsing device<\/b><span style=\"font-weight: 400;\">, a successful compromise can quickly escalate from a single infected workstation into a devastating incident affecting both your organization and your personal financial situation.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-137725 size-full\" src=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-4.webp\" alt=\"\" width=\"800\" height=\"533\" srcset=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-4.webp 800w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-4-300x200.webp 300w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-4-768x512.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/p>\n<h2><b>NimDoor prevention and security best practices<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Although NimDoor employed sophisticated malware techniques, the initial compromise relied primarily on social engineering rather than a vulnerability in macOS itself.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For individuals and organizations working with digital assets, several practical precautions can significantly reduce the risk of a similar attack:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Verify unexpected meeting invitations and software update requests through an independent communication channel.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Never install software or &#8220;updates&#8221; received through Telegram, email, or direct messages.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Download Zoom, browser, wallet, and operating system updates only from official vendor websites or built-in update mechanisms.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Apply the principle of least privilege and avoid using administrator accounts for routine work whenever practical.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Never store recovery seeds, private keys, or other sensitive credentials on day-to-day workstations.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Where practical, separate critical infrastructure and wallet signing devices from your primary work and browsing environment.<\/span><\/li>\n<\/ul>\n<figure id=\"attachment_137728\" aria-describedby=\"caption-attachment-137728\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-137728 size-full\" src=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-7.webp\" alt=\"Prevention can be simple: a hardware signing device keeps your private keys separate from your everyday workstation, reducing the impact if that workstation becomes infected with malware\" width=\"800\" height=\"852\" srcset=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-7.webp 800w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-7-282x300.webp 282w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-7-768x818.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-137728\" class=\"wp-caption-text\">Prevention can be simple: a hardware signing device keeps your private keys separate from your everyday workstation, reducing the impact if that workstation becomes infected with malware<\/figcaption><\/figure>\n<h2><b>Conclusion<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">NimDoor demonstrates the level of sophistication that DPRK-linked threat actors are willing to deploy against the cryptocurrency ecosystem. While its malware components employed advanced persistence, process injection, and data theft techniques, the campaign ultimately succeeded by exploiting human trust rather than breaking macOS itself.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The incident reinforces a timeless security principle: the strongest technical defenses can be undermined by a single successful social engineering attack. Combining good operational security, device segregation, trusted software sources, and healthy skepticism toward unexpected requests remains one of the most effective ways to defend against modern targeted threats.<\/span><\/p>\n<h2><b>Based in Vietnam and looking to strengthen your digital asset security?<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Our colleagues at BitcoinVN Shop offer a carefully selected range of hardware signing devices (commonly known as hardware wallets) from leading manufacturers including <\/span><a href=\"https:\/\/bitcoinvn.io\/shop\/product-category\/hardware-wallets\/\" target=\"_blank\" rel=\"noopener\"><b>Trezor, Ledger, Coinkite, Blockstream,<\/b><span style=\"font-weight: 400;\"> and <\/span><b>Keystone<\/b><span style=\"font-weight: 400;\">.<\/span><\/a><span style=\"font-weight: 400;\"> These devices help physically separate your private keys from your everyday work environment, significantly reducing the impact of a compromised workstation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Even if your everyday workstation is compromised, a properly configured hardware signing device ensures that your private keys remain isolated from the infected computer.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For long-term recovery seed protection, <\/span><a href=\"https:\/\/bitcoinvn.io\/shop\/steel-plate-for-seedphrase\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">BitcoinVN Shop also offers durable steel backup solutions<\/span><\/a><span style=\"font-weight: 400;\"> designed to withstand fire, water, and other physical hazards.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-137727 size-full\" src=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-6.webp\" alt=\"\" width=\"800\" height=\"800\" srcset=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-6.webp 800w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-6-300x300.webp 300w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-6-150x150.webp 150w, https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-6-768x768.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">All products are dispatched directly from our Vietnam-based warehouse, eliminating the uncertainty and delays often associated with international shipping and customs.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For users who prefer maximum privacy, hardware wallets can also be collected in person from our <\/span><b>Saigon headquarters<\/b><span style=\"font-weight: 400;\"> or <\/span><a href=\"https:\/\/bitcoinvn.io\/shop\/bitcoffee-partnership\/\" target=\"_blank\" rel=\"noopener\"><b>Da Nang showroom<\/b><\/a><span style=\"font-weight: 400;\">, minimizing the amount of personal information shared during the purchasing process.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you are new to self-custody or would like a professional review of your current security setup, the <\/span><a href=\"https:\/\/bitcoinvn.io\/consulting\/\" target=\"_blank\" rel=\"noopener\"><b>BitcoinVN Consulting<\/b><\/a><span style=\"font-weight: 400;\"> team is also available to help you build a robust operational security strategy from the outset &#8211; <\/span><i><span style=\"font-weight: 400;\">before<\/span><\/i><span style=\"font-weight: 400;\"> a costly mistake becomes a painful lesson.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NimDoor is a macOS malware family linked to DPRK-affiliated threat actors that was deployed against Web3 organizations and cryptocurrency businesses. While the original disclosure is no longer recent news, it remains a valuable case study in how sophisticated attackers continue to evolve their techniques against the digital asset industry.\u00a0 NimDoor employed multiple techniques to evade [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":137722,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10528],"tags":[],"class_list":["post-137721","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersec-custody"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NimDoor: Sophisticated macOS Crypto Attack<\/title>\n<meta name=\"description\" content=\"Discover how the sophisticated NimDoor malware targets macOS crypto users in this detailed security post-mortem. Stay protected!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NimDoor: Sophisticated macOS Crypto Attack\" \/>\n<meta property=\"og:description\" content=\"Discover how the sophisticated NimDoor malware targets macOS crypto users in this detailed security post-mortem. Stay protected!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"BV Insights\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/www.bitcoinvn.io\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-05T05:58:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"392\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"lienbvn\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@bitcoin_vietnam\" \/>\n<meta name=\"twitter:site\" content=\"@bitcoin_vietnam\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"lienbvn\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/\"},\"author\":{\"name\":\"lienbvn\",\"@id\":\"https:\/\/bitcoinvn.io\/insights\/#\/schema\/person\/8b23287ffcb8cfc1d2329d17d10582d7\"},\"headline\":\"NimDoor Post-Mortem: A Sophisticated macOS Attack on Crypto Targets\u00a0\",\"datePublished\":\"2026-07-05T05:58:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/\"},\"wordCount\":989,\"publisher\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/#organization\"},\"image\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp\",\"articleSection\":[\"CyberSec &amp; Custody\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/\",\"url\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/\",\"name\":\"NimDoor: Sophisticated macOS Crypto Attack\",\"isPartOf\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp\",\"datePublished\":\"2026-07-05T05:58:11+00:00\",\"description\":\"Discover how the sophisticated NimDoor malware targets macOS crypto users in this detailed security post-mortem. Stay protected!\",\"breadcrumb\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#primaryimage\",\"url\":\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp\",\"contentUrl\":\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp\",\"width\":800,\"height\":392},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/bitcoinvn.io\/insights\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CyberSec &amp; Custody\",\"item\":\"https:\/\/bitcoinvn.io\/insights\/category\/cybersec-custody\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"NimDoor Post-Mortem: A Sophisticated macOS Attack on Crypto Targets\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bitcoinvn.io\/insights\/#website\",\"url\":\"https:\/\/bitcoinvn.io\/insights\/\",\"name\":\"BV Insights\",\"description\":\"News source for cryptocurrencies, Bitcoin, and blockchain in Vietnam\",\"publisher\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bitcoinvn.io\/insights\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/bitcoinvn.io\/insights\/#organization\",\"name\":\"BitcoinVN\",\"alternateName\":\"Bitcoin Vietnam\",\"url\":\"https:\/\/bitcoinvn.io\/insights\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bitcoinvn.io\/insights\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2023\/07\/cropped-icon.png\",\"contentUrl\":\"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2023\/07\/cropped-icon.png\",\"width\":512,\"height\":512,\"caption\":\"BitcoinVN\"},\"image\":{\"@id\":\"https:\/\/bitcoinvn.io\/insights\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/www.bitcoinvn.io\",\"https:\/\/x.com\/bitcoin_vietnam\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/bitcoinvn.io\/insights\/#\/schema\/person\/8b23287ffcb8cfc1d2329d17d10582d7\",\"name\":\"lienbvn\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/5f1e7c2dd58f980784599c384aa6d6c7673fe1a569662f203624203f0d48a728?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5f1e7c2dd58f980784599c384aa6d6c7673fe1a569662f203624203f0d48a728?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5f1e7c2dd58f980784599c384aa6d6c7673fe1a569662f203624203f0d48a728?s=96&d=mm&r=g\",\"caption\":\"lienbvn\"},\"url\":\"https:\/\/bitcoinvn.io\/insights\/author\/lienbvn\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NimDoor: Sophisticated macOS Crypto Attack","description":"Discover how the sophisticated NimDoor malware targets macOS crypto users in this detailed security post-mortem. Stay protected!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/","og_locale":"en_US","og_type":"article","og_title":"NimDoor: Sophisticated macOS Crypto Attack","og_description":"Discover how the sophisticated NimDoor malware targets macOS crypto users in this detailed security post-mortem. Stay protected!","og_url":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/","og_site_name":"BV Insights","article_publisher":"https:\/\/facebook.com\/www.bitcoinvn.io","article_published_time":"2026-07-05T05:58:11+00:00","og_image":[{"width":800,"height":392,"url":"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp","type":"image\/webp"}],"author":"lienbvn","twitter_card":"summary_large_image","twitter_creator":"@bitcoin_vietnam","twitter_site":"@bitcoin_vietnam","twitter_misc":{"Written by":"lienbvn","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#article","isPartOf":{"@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/"},"author":{"name":"lienbvn","@id":"https:\/\/bitcoinvn.io\/insights\/#\/schema\/person\/8b23287ffcb8cfc1d2329d17d10582d7"},"headline":"NimDoor Post-Mortem: A Sophisticated macOS Attack on Crypto Targets\u00a0","datePublished":"2026-07-05T05:58:11+00:00","mainEntityOfPage":{"@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/"},"wordCount":989,"publisher":{"@id":"https:\/\/bitcoinvn.io\/insights\/#organization"},"image":{"@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp","articleSection":["CyberSec &amp; Custody"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/","url":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/","name":"NimDoor: Sophisticated macOS Crypto Attack","isPartOf":{"@id":"https:\/\/bitcoinvn.io\/insights\/#website"},"primaryImageOfPage":{"@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#primaryimage"},"image":{"@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp","datePublished":"2026-07-05T05:58:11+00:00","description":"Discover how the sophisticated NimDoor malware targets macOS crypto users in this detailed security post-mortem. Stay protected!","breadcrumb":{"@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#primaryimage","url":"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp","contentUrl":"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2026\/07\/NimDoor-1.webp","width":800,"height":392},{"@type":"BreadcrumbList","@id":"https:\/\/bitcoinvn.io\/insights\/nimdoor-macos-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bitcoinvn.io\/insights\/"},{"@type":"ListItem","position":2,"name":"CyberSec &amp; Custody","item":"https:\/\/bitcoinvn.io\/insights\/category\/cybersec-custody\/"},{"@type":"ListItem","position":3,"name":"NimDoor Post-Mortem: A Sophisticated macOS Attack on Crypto Targets\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/bitcoinvn.io\/insights\/#website","url":"https:\/\/bitcoinvn.io\/insights\/","name":"BV Insights","description":"News source for cryptocurrencies, Bitcoin, and blockchain in Vietnam","publisher":{"@id":"https:\/\/bitcoinvn.io\/insights\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bitcoinvn.io\/insights\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/bitcoinvn.io\/insights\/#organization","name":"BitcoinVN","alternateName":"Bitcoin Vietnam","url":"https:\/\/bitcoinvn.io\/insights\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bitcoinvn.io\/insights\/#\/schema\/logo\/image\/","url":"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2023\/07\/cropped-icon.png","contentUrl":"https:\/\/bitcoinvn.io\/insights\/wp-content\/uploads\/2023\/07\/cropped-icon.png","width":512,"height":512,"caption":"BitcoinVN"},"image":{"@id":"https:\/\/bitcoinvn.io\/insights\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/www.bitcoinvn.io","https:\/\/x.com\/bitcoin_vietnam"]},{"@type":"Person","@id":"https:\/\/bitcoinvn.io\/insights\/#\/schema\/person\/8b23287ffcb8cfc1d2329d17d10582d7","name":"lienbvn","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5f1e7c2dd58f980784599c384aa6d6c7673fe1a569662f203624203f0d48a728?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5f1e7c2dd58f980784599c384aa6d6c7673fe1a569662f203624203f0d48a728?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5f1e7c2dd58f980784599c384aa6d6c7673fe1a569662f203624203f0d48a728?s=96&d=mm&r=g","caption":"lienbvn"},"url":"https:\/\/bitcoinvn.io\/insights\/author\/lienbvn\/"}]}},"lang":"en","translations":{"en":137721,"ru":137730,"ko":137733,"ja":137732,"zh":137731,"vi":137729},"pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/posts\/137721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/comments?post=137721"}],"version-history":[{"count":2,"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/posts\/137721\/revisions"}],"predecessor-version":[{"id":137744,"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/posts\/137721\/revisions\/137744"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/media\/137722"}],"wp:attachment":[{"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/media?parent=137721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/categories?post=137721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinvn.io\/insights\/wp-json\/wp\/v2\/tags?post=137721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}