Serafim
Advanced
- Joined
- 28.09.20
- Messages
- 135
- Reaction score
- 1,205
- Points
- 93
The Lazarus Group has developed several versions of the AppleJeus malware to attack individuals and companies around the world.
The FBI, CISA, and the U.S. Treasury Department have released detailed information about malicious and fake cryptocurrency trading apps used by North Korean hackers to steal cryptocurrency from individuals and companies around the world.
The fake apps were developed and infected with the AppleJeus malware by the Lazarus Group cybercrime group. Hackers have developed and used multiple versions of AppleJeus since the malware was discovered in 2018.
Most versions are delivered under the guise of secure applications through sites controlled by attackers and imitating legitimate sites and companies. In total, seven versions of the AppleJeus malware were identified: Celas Trade Pro, JMT Trading, Union Crypto, Kupay Wallet, CoinGoTrade, Dorusio, and Ants2Whale.
In one case, the criminals organized a phishing mailing list on behalf of Celas LLC. The emails contained links to the Celas website for downloading the infected cryptocurrency trading app. It is noteworthy that the site had valid security certificates in accordance with the Domain Control Validated model, which does not allow to reliably establish the site owner or the existence of the company.
A newer version of AppleJeus was called JMT Trading and distributed on behalf of the company of the same name. In this case, it was suggested to download the program from the repository on GitHub. Another UnionCryptoTrader program mimicked the Blackbird Bitcoin Arbitrage cryptocurrency arbitrage app. Kupay Wallet, in turn, was delivered as a wallet and in many ways was similar to the open source platform Copay of the American company BitPay.
The FBI, CISA, and the U.S. Treasury Department have released detailed information about malicious and fake cryptocurrency trading apps used by North Korean hackers to steal cryptocurrency from individuals and companies around the world.
The fake apps were developed and infected with the AppleJeus malware by the Lazarus Group cybercrime group. Hackers have developed and used multiple versions of AppleJeus since the malware was discovered in 2018.
Most versions are delivered under the guise of secure applications through sites controlled by attackers and imitating legitimate sites and companies. In total, seven versions of the AppleJeus malware were identified: Celas Trade Pro, JMT Trading, Union Crypto, Kupay Wallet, CoinGoTrade, Dorusio, and Ants2Whale.
In one case, the criminals organized a phishing mailing list on behalf of Celas LLC. The emails contained links to the Celas website for downloading the infected cryptocurrency trading app. It is noteworthy that the site had valid security certificates in accordance with the Domain Control Validated model, which does not allow to reliably establish the site owner or the existence of the company.
A newer version of AppleJeus was called JMT Trading and distributed on behalf of the company of the same name. In this case, it was suggested to download the program from the repository on GitHub. Another UnionCryptoTrader program mimicked the Blackbird Bitcoin Arbitrage cryptocurrency arbitrage app. Kupay Wallet, in turn, was delivered as a wallet and in many ways was similar to the open source platform Copay of the American company BitPay.