Fake Windows Crypto Apps Spreading AppleJeus Malware

The cybersecurity researchers at Volexity have detected a new wave of attacks in which AppleJeus malware is distributed through fake cryptocurrency apps. Researchers claim that the North Korean APT group Lazarus is behind this new campaign.

It is worth noting that, as reported by Hackread.com in August 2018, the Lazarus hacker group was found using AppleJeus malware against macOS in its attack against multiple cryptocurrency exchanges.

Campaign Analysis

According to researchers, the notorious Lazarus hacking group uses a fake trading website and DLL Side-loading to distribute the malware. The primary targets of this campaign are cryptocurrency users and organizations.

In their recent attack, the group is using a variant of AppleJeus malware distributed via malicious Microsoft Office documents. This campaign started in June 2022 and is still active.

“The Lazarus Group continues its effort to target cryptocurrency users, despite ongoing attention to their campaigns and tactics. Perhaps in an attempt to allude to detection, they have decided to use chained DLL side-loading to load their payload. Despite these changes, their targets remain the same, with the cryptocurrency industry being a focus as a means for the DPRK to bolster their finances,” researchers wrote in their blog post.
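The article names DLL side-loading, and chained side-loading in particular, as the loading technique. The detection heuristic below is an added example written for this page; it is not code from Hackread or Volexity and makes no claim about the specific binaries in this campaign. It runs over module-load records of the kind Sysmon Event ID 7 or an EDR would produce (the records here are constructed), and flags a DLL whose file name matches a well-known Windows system DLL but which was mapped from the executable's own directory instead of the Windows system directories. A process with two or more such hits is reported as a chained side-load. The list of impersonated DLL names is an assumed starter set, not one taken from the article.

```python
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Legitimate Windows DLL names frequently impersonated for side-loading.
# Assumed starter list for illustration; derive the real one from your own baseline.
KNOWN_SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "dwmapi.dll", "cryptbase.dll"}

SYSTEM_DIRS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
)


@dataclass(frozen=True)
class ImageLoad:
    """One module-load record (the shape Sysmon Event ID 7 or an EDR would emit)."""
    pid: int
    image: str    # full path of the process executable
    module: str   # full path of the DLL that was mapped
    signed: bool  # True if the DLL carries a valid Authenticode signature


def in_system_dir(path: str) -> bool:
    """True if the path lies inside System32 or SysWOW64 (case-insensitive)."""
    p = PureWindowsPath(path)
    return any(p == d or d in p.parents for d in SYSTEM_DIRS)


def is_side_load_candidate(rec: ImageLoad) -> bool:
    mod = PureWindowsPath(rec.module)
    if mod.name.lower() not in KNOWN_SYSTEM_DLLS:
        return False  # not impersonating a known system DLL
    if in_system_dir(rec.module):
        return False  # loaded from where it legitimately lives
    # Side-loading relies on the DLL sitting beside the executable so that the
    # loader's search order finds it before the genuine copy in System32.
    return mod.parent == PureWindowsPath(rec.image).parent


def find_side_load_chains(records):
    """Return {pid: [dll names]} for every process with at least one candidate, in load order."""
    hits = defaultdict(list)
    for rec in records:
        if is_side_load_candidate(rec):
            hits[rec.pid].append(PureWindowsPath(rec.module).name.lower())
    return dict(hits)


def chained_pids(records):
    """PIDs in which more than one suspicious DLL was loaded: chained side-loading."""
    return sorted(pid for pid, mods in find_side_load_chains(records).items() if len(mods) >= 2)


# Constructed sample telemetry; all paths, names and PIDs are invented for this example.
SAMPLE_LOADS = [
    ImageLoad(4120, r"C:\Users\alice\Downloads\TradeApp\TradeApp.exe", r"C:\Users\alice\Downloads\TradeApp\version.dll", False),
    ImageLoad(4120, r"C:\Users\alice\Downloads\TradeApp\TradeApp.exe", r"C:\Windows\System32\kernel32.dll", True),
    ImageLoad(4120, r"C:\Users\alice\Downloads\TradeApp\TradeApp.exe", r"C:\Users\alice\Downloads\TradeApp\dbghelp.dll", False),
    ImageLoad(5210, r"C:\Windows\System32\notepad.exe", r"C:\Windows\System32\version.dll", True),
    ImageLoad(6001, r"C:\Program Files\Vendor\Tool.exe", r"C:\Program Files\Vendor\wtsapi32.dll", True),
    ImageLoad(7012, r"C:\Users\bob\app.exe", r"C:\Users\bob\plugins\cryptbase.dll", False),  # not beside the exe
]

if __name__ == "__main__":
    for pid, mods in find_side_load_chains(SAMPLE_LOADS).items():
        print(f"pid {pid}: side-load candidates {mods}")
    print("chained side-loading in:", chained_pids(SAMPLE_LOADS))
```

The `signed` field is carried through deliberately: a signed DLL in a vendor directory (pid 6001 above) is still reported, because legitimate installers do ship system-named DLLs next to their executables, so the signature and the vendor are what an analyst checks next rather than what the heuristic decides on. Tune `KNOWN_SYSTEM_DLLS` and `SYSTEM_DIRS` from a baseline of your own fleet before using the rule for alerting.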

Volexity’s findings should not come as a surprise; as of January 2022, Lazarus hackers had stolen $1.7 billion from cryptocurrency exchanges. In fact, in April 2022, it was reported that the group had been using another malware family called TraderTraitor to target blockchain organizations.

How Did the Scheme Work?

The scheme reportedly involves
