Federal agencies are warning about cyber threats posed by the infamous North Korean hacking group Lazarus. In a joint advisory, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Department of Treasury (DoT) revealed that the Lazarus hacking group is using several variants of AppleJeus malware to target cryptocurrency exchanges and crypto-wallets.
The agencies stated that the group developed seven fake cryptocurrency trading applications that bundle AppleJeus malware variants to steal cryptocurrency. The seven malicious apps are Celas Trade Pro, JMT Trading, Union Crypto, Kupay Wallet, CoinGoTrade, Dorusio, and Ants2Whale. The group used these malicious apps to bypass international sanctions imposed on the North Korean government, targeting individuals, cryptocurrency exchanges, and financial service companies across 30 countries last year.
Since 2018, the Lazarus group has leveraged multiple threat vectors, including phishing, social networking, and social engineering, to trick unwitting users into downloading the malware.
Lazarus’ Timeline of Attacks
The Lazarus hacking group has been involved in multiple cyber-espionage and cyber-sabotage campaigns in earlier years.
- December 2019: Researchers discovered a malware dubbed “Fileless” distributed by the Lazarus group.
- 2018: Kaspersky uncovered the AppleJeus malicious operation by Lazarus Group to intrude on cryptocurrency exchanges and applications.
- 2017: The group created the malware used in the WannaCry global ransomware attack.
- 2016: Theft of $81 million from Bangladesh Bank.
- 2014: Attack on Sony Pictures Entertainment and numerous other intrusions on the entertainment, financial services, defense, technology, virtual currency industries, academia, and electric utilities.
How to Defend Against AppleJeus Malware
The federal agencies urged organizations to report any AppleJeus malware they identify within their networks. They also recommended security measures for cryptocurrency users and organizations to counter AppleJeus malware. These include:
- Verify the source of cryptocurrency-related applications.
- Use multiple wallets for key storage, striking the appropriate risk balance between hot and cold storage.
- Use custodial accounts with multi-factor authentication mechanisms for both user and device verification.
- Patronize cryptocurrency service businesses that offer indemnity protections for lost or stolen cryptocurrency.
- Consider having a dedicated device for cryptocurrency management.