Fake Zoom Updates Used In Crypto Hack Campaign - 1

Image by Compare Fiber, from Unsplash

Fake Zoom Updates Used In Crypto Hack Campaign

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A North Korean hacking group is behind a new way of cyberattacks on Web3 and cryptocurrency companies, using a rare type of macOS malware.

In a rush? Here are the quick facts:

  • North Korean hackers target crypto firms with advanced macOS malware.
  • Malware uses Nim language and fake Zoom updates.
  • Victims contacted via Telegram with social engineering.

Researchers at Sentinel Labs have identified this malware family as NimDoor because it utilizes the obscure programming language Nim.

The attack starts with a social engineering trick. The attackers reach their targets through Telegram by impersonating colleagues. They then ask the victims to execute a “Zoom SDK update script” after sending them a fake Zoom meeting link. The malicious script, which contains 10,000 blank lines and a single typo (“Zook” instead of “Zoom”), then downloads 2 executable files.

Once triggered, the malware downloads and installs several harmful programs, including one that can steal login credentials, browser data, and Telegram chat history. Another script secretly copies users’ system files, Keychain data, and even terminal history, sending it all back to a remote server.

Unlike most macOS malware, NimDoor uses advanced methods like process injection alongside encrypted WebSocket Secure (wss) communication. The malware becomes increasingly difficult to detect because of its advanced features, which enable secure communication with command servers.

A standout feature is its persistence mechanism: even if a user or system tries to stop the malware, it re-installs itself using macOS’s own signal handling tools (SIGINT/SIGTERM).

“Threat actors are continuing to explore cross-platform languages that introduce new levels of complexity for analysts,” wrote Sentinel Labs researchers Phil Stokes and Raffaele Sabato. They warn that attackers’ use of Nim and AppleScript, along with fake update lures, shows a new level of sophistication.

Security experts recommend that Web3 and crypto platforms need to enhance their security measures while teaching staff about social engineering techniques, given that this malware campaign demonstrates how attackers can use trust exploitation to penetrate secure systems.

Microsoft To Lay Off 9,000 Employees, About 4% of Workforce - 2

Photo by Praswin Prakashan on Unsplash

Microsoft To Lay Off 9,000 Employees, About 4% of Workforce

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

Microsoft announced it will lay off around 9,000 employees on Wednesday. The decision affects nearly 4% of its workforce across different teams, roles, and locations.

In a rush? Here are the quick facts:

  • Microsoft announced it will lay off around 9,000 employees, nearly 4% of its workforce.
  • The layoffs will impact roles in marketing and the gaming division, and the company also plans to reduce the number of managers.
  • In May, the tech giant cut around 6,000 jobs.

According to Reuters , Microsoft employed around 228,000 people as of June 2024. Since then, the company has undergone several rounds of layoffs. It announced job cuts from its Xbox gaming units in September , followed by a smaller reduction of less than 1% in January. The most significant wave came in May this year, affecting around 6,000 workers.

The latest layoffs will impact roles in marketing and the gaming division, and the company also plans to reduce the number of managers to streamline its organizational structure.

Experts suggest the company is also looking to cut costs following major investments in AI technology. OpenAI and Microsoft are reportedly negotiating a multibillion-dollar partnership .

The first wave of layoffs in this round was reported in Seattle and at Microsoft’s Barcelona-based King division, where the company cut 10% of its staff—about 200 employees.

“We continue to implement organizational changes necessary to best position the company and teams for success in a dynamic marketplace,” said a spokesperson from Microsoft in an email.

According to CNBC, the announcement comes at the end of Microsoft’s fiscal year, a time when the company typically makes structural adjustments to prepare for the next fiscal cycle.

In 2023, Microsoft laid off 10,000 employees, and its record was in 2014, when 18,000 jobs were cut following the acquisition of Nokia.

A source familiar with the matter explained that, this time, Microsoft wants to reduce layers between individual contributors and top executives.

“To position Gaming for enduring success and allow us to focus on strategic growth areas, we will end or decrease work in certain areas of the business and follow Microsoft’s lead in removing layers of management to increase agility and effectiveness,” wrote Phil Spencer, Microsoft’s CEO of gaming, in the internal memo sent to employees.

Microsfort reported a $26 billion in net income for the March quarter, keeping its ranking as one of the most profitable companies in the S&P 500 index.