Lazarus intensifies AppleJeus attack on crypto companies


Kaspersky's Global Research and Analysis Team released a report in 2018 on AppleJeus, a cryptocurrency theft operation run by the notorious Lazarus threat group.

New findings indicate that this infamous group has become even more cautious, has improved its tactics and procedures, and is using the popular Telegram messaging application as one of its new attack vectors. Entities in Britain, Poland, Russia, and China have fallen victim to this operation.

The Lazarus group is considered one of the most active and influential actors in the field of advanced persistent threats, and it has carried out a number of campaigns and operations against companies linked to digital currencies.

During the first AppleJeus operation in 2018, the group set up a fake cryptocurrency company in order to distribute a tampered application and exploit the high level of trust of potential victims.

This was Lazarus's first malware for macOS. Users downloaded the application from a third-party website, and the malicious payload was delivered to the victim's device disguised as a regular application update. The payload gave the attacker complete control over the device and stole digital currency.

Kaspersky researchers found major changes in the group's offensive tactics in a follow-up to the first attack: the 2019 attack mimicked the earlier one, but with improvements. In the subsequent attacks, Lazarus created fake cryptocurrency websites that included links to Telegram channels of the fake companies, and delivered the malware to the people who contacted them through the messaging application.

The attack consists of two phases, as in the first AppleJeus operation: the user first downloads the application, the downloader associated with the application fetches the next payload from a remote server, and finally the attacker obtains persistent, full control over the affected device through a backdoor. This time, however, the payload is delivered carefully to avoid detection by behavior-based security solutions. In the attacks on macOS, an authentication mechanism was added to the downloader, the development framework for the tool was changed, and a fileless technique is now used.

When targeting Windows users, the attackers avoided the Fallchill malware used in the first operation. The malware they created runs only on a specific system, after verifying it against a specific set of values. These changes indicate that the threat actor has become more careful in its attacks and is evading new detection methods.

Lazarus also made major changes to its macOS malware and increased the number of versions. Unlike the previous attack, in which the open-source QtBitcoinTrader was used to build the macOS installer, the group used its own code to build the malicious installer in the subsequent operations. These developments indicate that the threat actor will continue to modify its macOS malware, and Kaspersky's latest discovery is an intermediate result of these changes.

Seongsu Park, security researcher at Kaspersky, said the AppleJeus follow-up operations show that, despite the global economic crisis, Lazarus continues to invest in cryptocurrency attacks and make them more "complicated": "This indicates that there are new changes and diversification introduced by the subversion organizations. With malware, there is no reason to believe that the number and severity of these attacks will increase."

The Lazarus group, which has ties to North Korea, is known for its sophisticated operations, cyber sabotage, and financially motivated attacks. Several researchers, including Kaspersky's, have reported on investigations into the group's attacks on banks and other large financial institutions.

Kaspersky recommends that cryptocurrency companies do the following to prevent these and similar attacks:


  • Provide security awareness training to all employees to help them identify phishing attempts.
  • Run application security tests; they can also help demonstrate reliability to potential investors.
  • Watch out for gaps in the smart contract execution environment.


Kaspersky recommends the following for consumers who want to buy or use cryptocurrencies:


  • Use a well-known and reliable platform for cryptocurrencies.
  • Avoid clicking on links that claim to lead to an online bank or wallet.
  • Use a reliable security solution, such as Kaspersky Security Cloud, to protect against a wide range of threats.
