North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
02 July 2025
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.
"Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,"