You probably remember AppleJeus, the malware Lazarus used against macOS devices in February. It is back.

The scoop

The FBI and CISA have published a joint advisory on the AppleJeus malware deployed by the Hidden Cobra threat actor. The group is targeting financial services firms, cryptocurrency exchanges, and similar entities. The cryptocurrency-stealing malware is distributed through trojanized versions of crypto trading apps.

A glimpse into the history

  • AppleJeus first appeared in 2018 under the name Celas Trade Pro, a trojanized trading app that let the attackers issue remote commands from a C2 server.
  • The next version surfaced in 2019, again posing as a cryptocurrency trading app.
  • According to the Malware Analysis Reports (MARs), the threat actors have since 2018 distributed trojanized lookalikes of trading apps and wallets including JMT Trading, Kupay Wallet, CoinGoTrade, Ants2Whale, Union Crypto, and Dorusio.

Recent Lazarus activities

  • Lazarus, also known as Hidden Cobra, used a previously undocumented backdoor, Vyveva, to attack a South African freight logistics firm.
  • Only last month, the APT group was seen broadening its arsenal with TFlower ransomware, used as a double extortion tactic.
  • In February, it used several strains of AppleJeus to steal cryptocurrency.

The bottom line

The agencies have recommended a series of mitigation measures, both post-compromise and proactive, for organizations to follow in order to reduce their exposure. Lazarus is an aggressive North Korean state-sponsored threat group, and the threat it poses to cryptocurrency businesses and their users cannot be ignored.

Cyware Publisher