{"id":50687,"date":"2025-07-03T15:03:12","date_gmt":"2025-07-03T15:03:12","guid":{"rendered":"https:\/\/thecryptocurrencypost.net\/es\/?p=50687"},"modified":"2026-05-12T06:21:48","modified_gmt":"2026-05-12T06:21:48","slug":"hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom","status":"publish","type":"post","link":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/","title":{"rendered":"Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom"},"content":{"rendered":"<p style=\"text-align: justify\"><span data-preserver-spaces=\"true\">Puntos Clave de la Noticia<\/span><\/p>\n<ul style=\"text-align: justify\">\n<li><strong><span data-preserver-spaces=\"true\">Hackers norcoreanos enga\u00f1an a profesionales cripto con actualizaciones falsas<\/span><\/strong><span data-preserver-spaces=\"true\"> de Zoom a trav\u00e9s de enlaces de Telegram y Calendly, implementando la escurridiza puerta trasera NimDoor en macOS.<\/span><\/li>\n<li><strong><span data-preserver-spaces=\"true\">Desarrollado en Nim para evadir Gatekeeper y herramientas antivirus<\/span><\/strong><span data-preserver-spaces=\"true\">, NimDoor persiste al inicio y recopila contrase\u00f1as del navegador, datos de Telegram y seeds de cripto wallets para su exfiltraci\u00f3n.<\/span><\/li>\n<li><strong><span data-preserver-spaces=\"true\">Los equipos de seguridad deben bloquear los instaladores sin firmar<\/span><\/strong><span data-preserver-spaces=\"true\"><span data-preserver-spaces=\"true\">, restringir las actualizaciones a dominios de confianza, auditar las invitaciones de Telegram, deshabilitar la ejecuci\u00f3n autom\u00e1tica de scripts y reforzar la concienciaci\u00f3n de los usuarios sobre el phishing.<\/span><\/span><br \/>\n<hr \/>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify\"><strong><span data-preserver-spaces=\"true\">Los hackers norcoreanos han <\/span><a class=\"editor-rtfLink\" href=\"https:\/\/www.sentinelone.com\/labs\/macos-nimdoor-dprk-threat-actors-target-web3-and-crypto-platforms-with-nim-based-malware\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span data-preserver-spaces=\"true\">perfeccionado<\/span><\/a><span data-preserver-spaces=\"true\"> sus herramientas de ingenier\u00eda social enga\u00f1ando a profesionales <\/span><a class=\"editor-rtfLink\" href=\"https:\/\/thecryptocurrencypost.net\/es\/noticias-criptomonedas\/\" target=\"_blank\" rel=\"noopener\"><span data-preserver-spaces=\"true\">cripto<\/span><\/a><span data-preserver-spaces=\"true\"> para que descarguen una actualizaci\u00f3n falsa de Zoom<\/span><\/strong><span data-preserver-spaces=\"true\">. Los objetivos reciben mensajes de Telegram que prometen un parche de seguridad urgente, seguidos de un enlace de Calendly para programar una reuni\u00f3n obligatoria.<\/span><!--more--><\/p>\n<p style=\"text-align: justify\"><span data-preserver-spaces=\"true\">Cuando la v\u00edctima instala la supuesta actualizaci\u00f3n de Zoom en macOS, NimDoor se infiltra silenciosamente en el sistema, eludiendo las comprobaciones de seguridad de Apple y las protecciones de Gatekeeper para establecerse en segundos.<\/span><\/p>\n<h2 style=\"text-align: left\"><span data-preserver-spaces=\"true\">La Puerta Trasera de NimDoor Evade las Protecciones de MacOS<\/span><\/h2>\n<p style=\"text-align: justify\"><strong><span data-preserver-spaces=\"true\">Lo que hace \u00fanico a NimDoor es su inusual selecci\u00f3n de lenguaje de programaci\u00f3n: Nim.<\/span><\/strong><span data-preserver-spaces=\"true\"> Las herramientas de seguridad convencionales y las comprobaciones de firmas integradas de Apple no reconocen sus patrones de c\u00f3digo, lo que le otorga a la puerta trasera un acceso pr\u00e1cticamente libre. <\/span><\/p>\n<p style=\"text-align: justify\"><span data-preserver-spaces=\"true\">Una vez ejecutado, <\/span><strong><span data-preserver-spaces=\"true\">NimDoor instala un agente de elemento de inicio de sesi\u00f3n que garantiza una ejecuci\u00f3n persistente en cada arranque<\/span><\/strong><span data-preserver-spaces=\"true\">. <\/span><span data-preserver-spaces=\"true\">A partir de ah\u00ed, extrae silenciosamente cargas \u00fatiles de seguimiento, modificando su comportamiento para evadir la detecci\u00f3n est\u00e1tica y de comportamiento en los ciclos de modificaci\u00f3n de c\u00f3digo europeos.<\/span><\/p>\n<h2 style=\"text-align: left\"><span data-preserver-spaces=\"true\">Robo de Credenciales de Wallets y Datos Confidenciales<\/span><\/h2>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-50688\" src=\"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/MacOSNimDoorMalware.jpg\" alt=\"Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom\" width=\"699\" height=\"280\" srcset=\"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/MacOSNimDoorMalware.jpg 699w, https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/MacOSNimDoorMalware-300x120.jpg 300w, https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/MacOSNimDoorMalware-585x234.jpg 585w\" sizes=\"(max-width: 699px) 100vw, 699px\" \/><\/p>\n<p style=\"text-align: justify\"><strong><span data-preserver-spaces=\"true\">Con privilegios de sistema en su poder, NimDoor rastrea los perfiles del navegador en busca de contrase\u00f1as almacenadas y ceros en las bases de datos de Telegram<\/span><\/strong><span data-preserver-spaces=\"true\">. Luego, rastrea directorios locales en busca de archivos de wallets de criptomonedas, frases semilla, JSON de almac\u00e9n de claves y llaveros locales, prepar\u00e1ndolos para la exfiltraci\u00f3n.<\/span><\/p>\n<p style=\"text-align: justify\"><span data-preserver-spaces=\"true\">La firma de inteligencia de amenazas TRM Labs se\u00f1ala que los operadores de la RPDC han desviado m\u00e1s de $1.600 millones de empresas de Web3 y criptomonedas en lo que va de 2025, lo que subraya el posible papel de NimDoor en este lucrativo bot\u00edn.<\/span><\/p>\n<h2 style=\"text-align: left\"><span data-preserver-spaces=\"true\">Recomendaciones para Fortalecer las Defensas de las Empresas cripto<\/span><\/h2>\n<p style=\"text-align: justify\"><strong><span data-preserver-spaces=\"true\">Los expertos en seguridad instan a las empresas a bloquear los paquetes de instalaci\u00f3n sin firmar en el per\u00edmetro de la red y restringir los sistemas macOS<\/span><\/strong><span data-preserver-spaces=\"true\"> para que obtengan actualizaciones \u00fanicamente de dominios verificados como zoom.us. Los equipos de TI deben auditar los contactos reci\u00e9n agregados de Telegram y desactivar la ejecuci\u00f3n autom\u00e1tica de scripts para las invitaciones a reuniones descargadas.<\/span><\/p>\n<p style=\"text-align: justify\"><span data-preserver-spaces=\"true\">La revisi\u00f3n peri\u00f3dica de las entradas de los elementos de inicio de sesi\u00f3n y el empleo de agentes de IA conductual pueden detectar mecanismos de persistencia clandestinos. Sobre todo, la formaci\u00f3n continua de los usuarios sigue siendo fundamental; un clic err\u00f3neo en una actualizaci\u00f3n falsa es todo lo que necesita un atacante.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Puntos Clave de la Noticia Hackers norcoreanos enga\u00f1an a profesionales cripto con actualizaciones falsas de Zoom a trav\u00e9s de enlaces de Telegram y Calendly, implementando la escurridiza puerta trasera NimDoor en macOS. Desarrollado en Nim para evadir Gatekeeper y herramientas antivirus, NimDoor persiste al inicio y recopila contrase\u00f1as del navegador, datos de Telegram y seeds [&hellip;]<\/p>\n","protected":false},"author":28,"featured_media":50689,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[80,33,22,2059],"tags":[420,140,326],"class_list":["post-50687","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-companias","category-editors-picks","category-noticias-criptomonedas","category-seguridad","tag-corea-del-norte","tag-criptomonedas","tag-hacker"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom The CryptoCurrency Post ESP<\/title>\n<meta name=\"description\" content=\"Los hackers norcoreanos han perfeccionado sus herramientas de ingenier\u00eda social enga\u00f1ando a profesionales cripto para que descarguen.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom The CryptoCurrency Post ESP\" \/>\n<meta property=\"og:description\" content=\"Los hackers norcoreanos han perfeccionado sus herramientas de ingenier\u00eda social enga\u00f1ando a profesionales cripto para que descarguen.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/\" \/>\n<meta property=\"og:site_name\" content=\"The CryptoCurrency Post ESP\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-03T15:03:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-12T06:21:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/NorthKoreaHackersMacOS.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"768\" \/>\n\t<meta property=\"og:image:height\" content=\"399\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jos\u00e9 Miguel Carrillo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jos\u00e9 Miguel Carrillo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutos\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom The CryptoCurrency Post ESP","description":"Los hackers norcoreanos han perfeccionado sus herramientas de ingenier\u00eda social enga\u00f1ando a profesionales cripto para que descarguen.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/","og_locale":"es_ES","og_type":"article","og_title":"Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom The CryptoCurrency Post ESP","og_description":"Los hackers norcoreanos han perfeccionado sus herramientas de ingenier\u00eda social enga\u00f1ando a profesionales cripto para que descarguen.","og_url":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/","og_site_name":"The CryptoCurrency Post ESP","article_published_time":"2025-07-03T15:03:12+00:00","article_modified_time":"2026-05-12T06:21:48+00:00","og_image":[{"width":768,"height":399,"url":"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/NorthKoreaHackersMacOS.jpg","type":"image\/jpeg"}],"author":"Jos\u00e9 Miguel Carrillo","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"Jos\u00e9 Miguel Carrillo","Tiempo de lectura":"3 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/#article","isPartOf":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/"},"author":{"name":"Jos\u00e9 Miguel Carrillo","@id":"https:\/\/thecryptocurrencypost.net\/es\/#\/schema\/person\/b97af1cf76633b27e9376ca0d59f14ed"},"headline":"Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom","datePublished":"2025-07-03T15:03:12+00:00","dateModified":"2026-05-12T06:21:48+00:00","mainEntityOfPage":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/"},"wordCount":566,"publisher":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/#organization"},"image":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/#primaryimage"},"thumbnailUrl":"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/NorthKoreaHackersMacOS.jpg","keywords":["Corea del Norte","criptomonedas","hacker"],"articleSection":["Compa\u00f1\u00edas","Editor's Picks","Noticias","Seguridad"],"inLanguage":"es"},{"@type":"WebPage","@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/","url":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/","name":"Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom The CryptoCurrency Post ESP","isPartOf":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/#primaryimage"},"image":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/#primaryimage"},"thumbnailUrl":"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/NorthKoreaHackersMacOS.jpg","datePublished":"2025-07-03T15:03:12+00:00","dateModified":"2026-05-12T06:21:48+00:00","description":"Los hackers norcoreanos han perfeccionado sus herramientas de ingenier\u00eda social enga\u00f1ando a profesionales cripto para que descarguen.","breadcrumb":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/#primaryimage","url":"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/NorthKoreaHackersMacOS.jpg","contentUrl":"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2025\/07\/NorthKoreaHackersMacOS.jpg","width":768,"height":399,"caption":"Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom"},{"@type":"BreadcrumbList","@id":"https:\/\/thecryptocurrencypost.net\/es\/hackers-norcoreanos-implementan-malware-nimdoor-para-macos-mediante-actualizaciones-falsas-de-zoom\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Noticias Criptomonedas","item":"https:\/\/thecryptocurrencypost.net\/es\/"},{"@type":"ListItem","position":2,"name":"Hackers Norcoreanos Implementan Malware NimDoor para MacOS Mediante Actualizaciones Falsas de Zoom"}]},{"@type":"WebSite","@id":"https:\/\/thecryptocurrencypost.net\/es\/#website","url":"https:\/\/thecryptocurrencypost.net\/es\/","name":"The CryptoCurrency Post ESP","description":"Crypto News","publisher":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thecryptocurrencypost.net\/es\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/thecryptocurrencypost.net\/es\/#organization","name":"The CryptoCurrency Post ESP","url":"https:\/\/thecryptocurrencypost.net\/es\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/thecryptocurrencypost.net\/es\/#\/schema\/logo\/image\/","url":"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2026\/05\/TCP-favicon-dev.png","contentUrl":"https:\/\/thecryptocurrencypost.net\/es\/wp-content\/uploads\/sites\/2\/2026\/05\/TCP-favicon-dev.png","width":280,"height":280,"caption":"The CryptoCurrency Post ESP"},"image":{"@id":"https:\/\/thecryptocurrencypost.net\/es\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/thecryptocurrencypost.net\/es\/#\/schema\/person\/b97af1cf76633b27e9376ca0d59f14ed","name":"Jos\u00e9 Miguel Carrillo","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/d0642f3d360edf4f7d3732cf71c3044ad5deee6e9fa22fafbfffd389a9465458?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d0642f3d360edf4f7d3732cf71c3044ad5deee6e9fa22fafbfffd389a9465458?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d0642f3d360edf4f7d3732cf71c3044ad5deee6e9fa22fafbfffd389a9465458?s=96&d=mm&r=g","caption":"Jos\u00e9 Miguel Carrillo"},"description":"Jos\u00e9 is a contributor at The Cryptocurrency Post covering cryptocurrency markets, blockchain developments and digital asset news. His author archive includes ongoing coverage of market movements, protocol updates and industry events. The content is published for informational purposes and should not be considered financial advice.","sameAs":["https:\/\/www.linkedin.com\/in\/jose-miguel-4709881a5\/"],"url":"https:\/\/thecryptocurrencypost.net\/es\/author\/jose\/"}]}},"_links":{"self":[{"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/posts\/50687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/comments?post=50687"}],"version-history":[{"count":1,"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/posts\/50687\/revisions"}],"predecessor-version":[{"id":64604,"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/posts\/50687\/revisions\/64604"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/media\/50689"}],"wp:attachment":[{"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/media?parent=50687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/categories?post=50687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecryptocurrencypost.net\/es\/wp-json\/wp\/v2\/tags?post=50687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}