Cybercrime, Lazarus spreads Applejeus via fake cryptocurrency apps

Lazarus spreads AppleJeus via fake cryptocurrency apps. Volexity cybersecurity experts: the North Korean APT uses a fake trading website that mimics a legitimate one, together with DLL side-loading, to distribute the malware.

AppleJeus malware is now being spread through fake cryptocurrency apps, as discovered by Volexity cybersecurity experts. Researchers observed new activity tied to the North Korean threat actor Lazarus: a campaign, likely targeting cryptocurrency users and organizations, that delivers a variant of the AppleJeus malware by way of malicious Microsoft Office documents. The analysis uncovered a live cryptocurrency-themed website whose contents were stolen from a legitimate one. In June 2022, the APT registered the domain name bloxholder[.]com and configured it to host a website related to automated cryptocurrency trading. It was largely a clone of the legitimate HaasOnline website (haasonline[.]com): all “HaasOnline” references were changed to “BloxHolder”, and a handful of other updates were made throughout. Further technical analysis of the deployed AppleJeus malware uncovered a new variation of DLL side-loading that had not previously been documented in the wild. In 2021, Lazarus targeted blockchain companies with TraderTraitor.