AppleJeus: the North Korean malware used to steal millions of dollars in cryptocurrency

On Wednesday afternoon, the US Department of Justice (DOJ) unsealed charges against three North Korean individuals accused of compromising the networks of banks and cryptocurrency exchange platforms; the indictment described the malware only in general terms. Just hours later, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified the malware family used in these intrusions as AppleJeus.

The DOJ accused the three individuals of conspiring to steal and extort more than 1.3 billion USD in cash and cryptocurrency through attacks on banks, the entertainment industry, cryptocurrency companies and other organizations.

The advisory states that the attackers targeted organizations in more than 30 countries in the past year alone, distributing the malware through trojanized cryptocurrency trading and wallet applications aimed at virtual asset enthusiasts: “These apps enable them to gain entry into companies that conduct transactions in virtual currency and steal cryptocurrency from victim accounts.”

The agencies also published a detailed joint advisory on the malicious applications used by hacking groups associated with the North Korean government (tracked as Hidden Cobra), which have developed at least seven versions of AppleJeus since the malware was first identified in 2018.

Most of these malicious apps are promoted as legitimate tools via attacker-controlled websites: “Initially, Hidden Cobra actors used websites that appeared to host legitimate cryptocurrency trading platforms to infect victims with AppleJeus; however, these actors are now also using other initial infection vectors, such as phishing, social networking and social engineering techniques, to get users to download the malware,” the CISA advisory notes.

The seven AppleJeus versions documented in the advisory, each distributed as a fake cryptocurrency trading or wallet application, are:

  • Celas Trade Pro
  • JMT Trading
  • Union Crypto
  • Kupay Wallet
  • CoinGoTrade
  • Dorusio
  • Ants2Whale

Matt Hartman, acting executive assistant director for cybersecurity at CISA, described this work as a clear example of the U.S. government’s efforts to counter malicious campaigns deployed by the North Korean government: “The FBI and CISA will continue to assess cyber threats from North Korea and any other nation determined to deploy hacking campaigns against individuals and organizations in the U.S.”

To learn more about computer security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.