Crypto Malware ‘AppleJeus’ Used By North Korea To Steal Cryptocurrency

The United States Government has identified a cryptocurrency malware used by the North Korean government to steal crypto for Pyongyang. 

US Agencies Report “AppleJeus” Malware In Detail

A report developed by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury Department revealed that the crypto-malware called ‘AppleJeus’ was disguised as legitimate-looking crypto trading software to facilitate cryptocurrency thefts.

First deployed in 2018, AppleJeus has been camouflaged using seven different official-sounding names. The names include Celas Trade Pro, JMT Trading, Union Crypto, Kupay Wallet, CoinGoTrade, Dorusio, and Ants2Whale.

AppleJeus was mostly presented as coming from a legitimate cryptocurrency trading company, tricking people into downloading it as a third-party application from websites that seemed genuine.

Apart from baiting people through third-party apps, the malware was also spread through phishing, social networking, and social engineering techniques that lure users into downloading it.

The report states that Hidden Cobra, the North Korean-sponsored cyber unit also known as Lazarus Group, has stolen and laundered hundreds of millions worth of cryptocurrency since January of last year.

The Lazarus Group hackers targeted individuals and companies, such as crypto exchanges and financial service firms, and ultimately committed criminal acts in 32 countries across different continents.

According to the US, the countries targeted by Hidden Cobra since January 2020 include Argentina, Australia, Belgium, and others.

North Korea’s Malicious Campaigns To Fund Nuclear Weapons

The US government has made continuous efforts to counter malicious campaigns deployed by the North Korean government.

North Korean operators have previously stolen an estimated $2 billion following at least 35 cyberattacks on banks and cryptocurrency exchanges across more than a dozen countries. This is according to a UN report seen by Reuters in 2019.

The Northeast Asian nation also repeatedly laundered stolen cryptocurrencies to fund its nuclear weapons and ballistic missile programs in 2020. The government uses cryptocurrency as a vehicle to continue its nuclear weapons projects.

According to a panel of UN experts cited in an AP report, North Korean-linked cyber actors continued to launch malicious attacks from 2019 to 2020 on financial institutions and crypto exchanges to generate money to support the country’s weapons of mass destruction.

The UN experts added that North Korea’s total theft of virtual assets from 2019 to November 2020 is valued at approximately $316.4 million.

The US Treasury also reportedly sanctioned three North Korean hacking groups (Lazarus Group, Bluenoroff, and Andariel) for funneling stolen financial assets to Pyongyang that same year.