Alarming macOS Malware Uses Sneaky Tricks to Steal Keychain Passwords

A new malware called NimDoor is making waves in the Apple world. This malware is different from what we usually see on macOS. It targets people who work with Web3 technologies and cryptocurrency, trying to steal their private information and money.

The attackers begin by pretending to be someone the victim knows. They contact the victim through Telegram, a popular messaging app. They then suggest a fake business meeting and send what looks like a normal Zoom invitation. But instead of a real meeting, they trick people into downloading a dangerous file.

This file is disguised as a “Zoom SDK update script,” which sounds official. The download link comes from a fake website that looks very close to Zoom’s real support page. Once the victim downloads and runs this file, the malware silently gets into the system and begins its work.

What makes NimDoor especially dangerous is how deeply it hides inside the computer. It doesn’t behave like most other Mac viruses. Instead of being easy to spot, it uses a technique called process injection. This allows the malware to run its code inside other apps running on the Mac, so it can hide and keep working without being noticed.

Smart Coding and Stealthy Behavior

The malware is built using several programming languages. It uses AppleScript to enter the system, C++ to inject its code into other apps, and a rare language called Nim to run its main features. This combination makes it hard for security tools to understand what the malware is doing.

One clever feature of NimDoor is how it avoids being shut down. Normally, if someone finds a virus, they can force it to stop running. But NimDoor has a secret trick. It listens for system signals that usually tell programs to shut down — like SIGINT and SIGTERM.

To make sure it starts every time the computer is turned on, the malware places a file in the LaunchAgents folder. This is a normal part of macOS that allows apps to open automatically when the computer starts.
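The persistence step above can be checked from the defender's side. launchd reads per-user job definitions (plists) from `~/Library/LaunchAgents` and system-wide ones from `/Library/LaunchAgents` at login. The following Python sketch is an added example, not taken from the NimDoor reporting: it parses each plist and flags entries that launch from unusual locations. The heuristics, labels and paths are assumptions chosen for illustration, not NimDoor indicators.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumed triage heuristics (not NimDoor indicators); sample data below is constructed.
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "curl"}

def audit_job(job):
    """Return findings for one parsed LaunchAgent definition (a dict)."""
    args = [str(a) for a in job.get("ProgramArguments") or []]
    exe = str(job.get("Program") or (args[0] if args else ""))
    if not exe:
        return ["no Program or ProgramArguments"]
    findings = []
    if exe.startswith(TEMP_DIRS):
        findings.append("runs from shared/temp directory")
    elif exe.startswith("/Users/"):
        findings.append("runs from user-writable home directory")
    if any(part.startswith(".") for part in Path(exe).parts):
        findings.append("hidden path component")
    if Path(exe).name in INTERPRETERS:
        findings.append("launches an interpreter")
    if findings and (job.get("RunAtLoad") or job.get("KeepAlive")):
        findings.append("auto-starts (RunAtLoad/KeepAlive)")
    return findings

def audit_dir(directory):
    """Parse every *.plist in a LaunchAgents directory; map filename -> findings."""
    report = {}
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            job = plistlib.loads(path.read_bytes())
            findings = audit_job(job)
        except Exception as exc:  # malformed or non-dict plist is worth a look
            findings = [f"unparseable plist: {type(exc).__name__}"]
        if findings:
            report[path.name] = findings
    return report

def demo():
    """Audit constructed sample plists (labels and paths are made up)."""
    samples = {
        "com.example.vendor.helper.plist": {"RunAtLoad": True,
            "ProgramArguments": ["/Applications/Vendor.app/Contents/MacOS/helper"]},
        "com.example.updater.plist": {"RunAtLoad": True,
            "ProgramArguments": ["/Users/alice/.cache/updater", "--quiet"]}}
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in samples.items():
            (Path(tmp) / name).write_bytes(plistlib.dumps(job))
        (Path(tmp) / "broken.plist").write_bytes(b"not a plist")
        return audit_dir(tmp)
```

On a real Mac, call `audit_dir(Path("~/Library/LaunchAgents").expanduser())` and `audit_dir("/Library/LaunchAgents")`. Findings are leads for manual review, since legitimate software can also match these heuristics.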

What the Malware Tries to Steal

Once NimDoor is running on the victim’s Mac, it begins its main mission — stealing private data. One of the first things it does is try to grab Keychain credentials. Keychain is Apple’s system that stores all your passwords, so if hackers get into it, they can access your emails, bank accounts, and more.

The malware also goes after web browsers. It looks inside popular apps like Google Chrome and Firefox to collect saved passwords and browsing history. It can even spy on Telegram messages to steal sensitive conversations.

All this stolen data is sent back to the hackers over an encrypted channel. Because of the advanced encryption, even companies that monitor internet traffic might not notice that something bad is happening.

This level of technical skill is rare in macOS malware. It shows that the people behind NimDoor spent a lot of time making sure their malware could stay hidden, work efficiently, and avoid being removed. From its fake Zoom invite to its secret updates and encrypted messages, NimDoor is one of the most advanced macOS threats seen in recent years.

Apple users — especially those in crypto and Web3 spaces — are the main targets. The malware is designed to blend in, act like a normal part of the system, and steal valuable information without raising red flags.

Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.