Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.
"Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,"



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/07/north-korean-hackers-target-web3-with.html