Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware
The North Korean Lazarus Group, aka APT38, is one of the most sophisticated North Korean APTs. It has been active since 2009 and is responsible for many high-profile attacks.
In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks weaponized with malicious documents that used a familiar job opportunities theme. Now, researchers at Volexity have analyzed a new campaign that is likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by using malicious Microsoft Office documents.
Lazarus Group
The Lazarus group is commonly believed to be run by the North Korean government. It is thought to conduct financial cybercrimes as a way to raise money for a regime that has few trading opportunities because of long-standing international sanctions. One of the group's preferred tactics is to use trojanized cryptocurrency-related apps, like AppleJeus.
AppleJeus
Since 2018, one of Lazarus Group's tactics has been to …
IoC
18e190413af045db88dfbd29609eb877
http://BloxHolder.com
http://bloxholder.com
http://oilycargo.com
http://rebelthumb.net
http://strainservice.com
http://telloo.io
http://wirexpro.com
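A practical use of the IoC list above is to sweep existing proxy or DNS logs for contact with the listed domains and to check quarantined files against the listed hash. The following is an added example (not code from the article or from Malwarebytes) that does both over a constructed log format: it lowercases hostnames so that `BloxHolder.com` and `bloxholder.com` collapse to one entry, matches subdomains of each IoC domain, and avoids false positives on look-alike names that merely end with the same characters. The log line layout and the sample lines are assumptions made for the example.

```python
"""Sweep constructed proxy-log lines and file hashes for the article's IoCs.

Added example; not part of the original article. The IoC values come from the
article's IoC section, the log format and sample lines are constructed here.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Domains from the article's IoC list, normalized to lowercase (so the two
# spellings of BloxHolder.com become one entry).
IOC_DOMAINS = {
    "bloxholder.com",
    "oilycargo.com",
    "rebelthumb.net",
    "strainservice.com",
    "telloo.io",
    "wirexpro.com",
}

# MD5 from the article's IoC list.
IOC_HASHES = {"18e190413af045db88dfbd29609eb877"}


def normalize_host(value):
    """Return a bare lowercase hostname from a URL or a host[:port] string, or None."""
    value = value.strip()
    if "://" not in value:
        # urlsplit only parses the netloc when the string starts with "//".
        value = "//" + value
    host = urlsplit(value).hostname  # already lowercased by urlsplit
    return host.rstrip(".") if host else None


def matches_ioc_domain(value):
    """Return the normalized host if it is an IoC domain or a subdomain of one, else None."""
    host = normalize_host(value)
    if not host:
        return None
    for domain in IOC_DOMAINS:
        # Exact match or a true subdomain; "nottelloo.io" must not match "telloo.io".
        if host == domain or host.endswith("." + domain):
            return host
    return None


# Constructed log format (assumed): "<timestamp> <client_ip> <method> <url_or_host> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(lines):
    """Return (line_number, client_ip, matched_host) for each line that hit an IoC domain."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that do not follow the assumed format
        host = matches_ioc_domain(match.group(4))
        if host:
            hits.append((number, match.group(2), host))
    return hits


def file_hash_is_ioc(data):
    """True if the MD5 of the given bytes is in the article's IoC hash list."""
    return hashlib.md5(data).hexdigest() in IOC_HASHES


# Constructed sample log lines; the IP addresses and paths are made up.
SAMPLE_LOG = [
    "2022-12-01T10:00:01Z 10.0.0.5 GET https://www.example.org/ 200",
    "2022-12-01T10:00:02Z 10.0.0.7 GET http://BloxHolder.com/download/app.msi 200",
    "2022-12-01T10:00:03Z 10.0.0.9 GET https://cdn.telloo.io:8443/update.json 304",
    "2022-12-01T10:00:04Z 10.0.0.5 GET https://nottelloo.io/ 200",
    "2022-12-01T10:00:05Z 10.0.0.7 CONNECT wirexpro.com:443 200",
]

if __name__ == "__main__":
    for number, client, host in scan_proxy_log(SAMPLE_LOG):
        print(f"line {number}: client {client} contacted IoC domain {host}")
```

Running the block flags lines 2, 3 and 5 (the mixed-case domain, a subdomain on a non-standard port, and a bare CONNECT host) while leaving the look-alike `nottelloo.io` alone. Feeding a real proxy export in requires only adjusting `LOG_RE` to the local log layout.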