North Korean hackers, linked to APT group BlueNoroff, are targeting crypto and Web3 employees with Nim-compiled macOS malware disguised as Zoom updates. Using Telegram and Calendly for social engineering, the attack deploys complex payloads like NimDoor for persistence and data exfiltration. SentinelOne highlights the use of Nim for stealthy execution and novel macOS persistence techniques.