You all probably remember the AppleJeus malware that was used by Lazarus to target Mac devices in February. It is back!
The scoop
Recently, the FBI and CISA published a joint advisory warning about the AppleJeus malware deployed by the Hidden Cobra threat actor. The group is launching attacks against financial services, cryptocurrency exchanges, and similar entities. The malware is being propagated via trojanized versions of cryptocurrency trading apps.
A glimpse into the history
AppleJeus first appeared under the name Celas Trade Pro in 2018 and allowed the attackers to issue remote commands through a C2 server.
The next instance came in 2019, when the malware was disguised as a cryptocurrency trading app.
According to Malware Analysis Reports (MARs), threat actors have been impersonating trading apps including JMT Trading, Kupay Wallet, CoinGoTrade, Ants2Whale, Union Crypto, and Dorusio since 2018.
Recent Lazarus activities
Lazarus, also known as Hidden Cobra, leveraged a previously undocumented backdoor, Vyveva, to attack a South African freight logistics firm.
Only last month, the APT group was spotted adding TFlower ransomware to its arsenal as a double-extortion tactic.
In February, it used various strains of AppleJeus to steal cryptocurrency.
The bottom line
The agencies have recommended a series of mitigation measures, both proactive and post-compromise, for organizations to follow in order to stay safe. Lazarus is an extremely vicious North Korean state-sponsored threat group, and the immense threat it poses cannot be ignored.