Recently, the FBI, CISA, and U.S. Department of Treasury have released a joint advisory highlighting the threat posed by Lazarus Group using several variants of the AppleJeus malware. Lazarus Group is a cybercrime group consisting of North Korean state-backed hackers. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them over the last decade.
The report has named a total of seven fake cryptocurrency trading applications, which have been developed or modified to include AppleJeus malware variants to steal cryptocurrency. The hackers tricked the victims into downloading the malware by phishing, social networking, and social engineering techniques. Using these malicious applications infected with AppleJeus malware, threat actors have successfully targeted cryptocurrency exchanges and accounts to steal and launder hundreds of millions of dollars in cryptocurrency.
With slight modifications in its techniques, the Lazarus group has been able to steal and launder hundreds of millions of dollars in cryptocurrency from individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency. Last year, Lazarus Group targeted cryptocurrency exchanges and financial service companies in 30 countries, which makes it a serious concern for cybersecurity professionals.