Pass the AppleJeus

2019-10-12, Objective-see
https://objective-see.com/blog/blog_0x49.html
#AppleJeus

Contents

I’ve shared the OSX.AppleJeus sample (password: infect3d)
…please don’t infect yourself!
On Friday @malwrhunterteam tweeted about some interesting malware:

"So, in short: anyone installed this "JMT Trader" recently (or anytime? - others will probably have the time to dig and find out...), got some APT's malware with it too... pic.twitter.com/tEYJZEYxAq"
— MalwareHunterTeam (@malwrhunterteam), October 11, 2019
At the time of said tweet, the sample was undetected by 0 engines on VirusTotal:
In the same Twitter thread, @malwrhunterteam also noted that this malware may have been seen before (or at least is closely related to a previous specimen analyzed by Kaspersky as OSX.AppleJeus):
"If that highlighted part doesn't say anything to you... then look here in what malware it was seen before: https://t.co/xSfDulILh0 cc @craiu pic.twitter.com/g2CyU87aLr"
— MalwareHunterTeam (@malwrhunterteam), October 11, 2019
Read Kaspersky's excellent write-up on a previous (albeit closely related) malware specimen: "Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware"
As we’ll see, though related to the previously …

IoC

185.228.83.32
74390fba9445188f2489959cb289e73c6fbe58e4
https://beastgoc.com/grepmonux.php
https://github.com/jmttrading/JMTTrader/releases
https://www.jmttrading.org/