
North Korea runs an aggressive state-sponsored hacking group known as "Lazarus." If you have ever visited BloxHolder.com, you may already have encountered their work: the group built that spoofed site. Now it appears Lazarus is producing more fake crypto apps to steal a variety of digital assets.
AppleJeus Malware Paired To Fake Crypto-Apps
BleepingComputer first reported the news last Saturday. According to the security news site, the apps the group is spreading carry the AppleJeus malware. This software harvests information from unsuspecting users of the fake crypto apps, and the group has also delivered it through malicious Microsoft Office documents.
Lazarus uses the stolen information to gain initial access to victim networks, and once inside, the group wreaks havoc. The North Korean hackers have used fake apps like BloxHolder to steal NFTs, crypto-coins, stablecoins, and more.
BloxHolder
Volexity has been tracking Lazarus activity and was the first to report that the BloxHolder website was an imposter. The site copied the layout of the legitimate crypto trading software site Haas Online.
When a user downloads the app from BloxHolder, a trojanized Microsoft Installer (MSI) file installs both the expected program and, silently, the AppleJeus malware.
The malicious files collect the MAC address, computer name, and OS version of the victim's machine, then send that information to the attackers' command-and-control (C2) server in an HTTP POST request. The MAC address in particular lets the operators judge whether the machine is a virtual machine or a sandbox (a VMware or VirtualBox network adapter, for example, carries a vendor-specific address prefix) rather than a real victim.
If the host looks like a genuine target rather than an analysis environment, the operators proceed, and the damage is done.
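The beacon described above (MAC address, computer name and OS version sent by POST) is also something a defender can hunt for. The following is an added example, not code from the article, from Volexity, or from the malware itself: it scans constructed proxy-log records in JSON form, flags POST bodies that carry all three fingerprint fields, and reports whether the MAC prefix belongs to a known virtualisation vendor, which is the same OUI check an implant would use to detect a sandbox. The log format, field names (`mac`, `pcname`, `os` and their aliases) and hostnames are assumptions chosen for the example, not indicators from the real campaign.

```python
import json
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qsl

# Constructed sample of web-proxy log records (one JSON object per line).
# These are hypothetical and do not reflect real AppleJeus traffic or infrastructure.
SAMPLE_LOG = """
{"src": "10.0.0.14", "method": "POST", "host": "cdn.example-updates.test", "path": "/api/v1/stat", "body": "mac=00:0C:29:3A:7F:10&pcname=DESKTOP-7X2K&os=10.0.19045"}
{"src": "10.0.0.22", "method": "GET",  "host": "news.example.test", "path": "/index.html", "body": ""}
{"src": "10.0.0.31", "method": "POST", "host": "login.example.test", "path": "/auth", "body": "user=alice&password=hunter2"}
{"src": "10.0.0.45", "method": "POST", "host": "cdn.example-updates.test", "path": "/api/v1/stat", "body": "mac=3C:52:82:11:AB:CD&pcname=ACCT-LAPTOP-09&os=10.0.22621"}
"""

# OUI prefixes registered to virtualisation vendors. An implant that finds one of
# these in the victim's MAC address can infer it is running inside a VM or sandbox;
# a defender can use the same table to know which analysis hosts would be spotted.
VIRTUAL_OUIS = {
    "00:0C:29": "VMware", "00:50:56": "VMware", "00:05:69": "VMware",
    "08:00:27": "VirtualBox", "00:15:5D": "Hyper-V", "52:54:00": "QEMU/KVM",
}

MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$", re.IGNORECASE)
OS_VERSION_RE = re.compile(r"^\d+\.\d+(\.\d+)?$")

# Parameter names an implant might use for each datum (assumed for this example).
FIELD_ALIASES = {
    "mac": {"mac", "macaddr", "hwaddr"},
    "hostname": {"pcname", "hostname", "computername"},
    "os": {"os", "osver", "osversion"},
}


def parse_form_body(body: str) -> Dict[str, str]:
    """Parse an application/x-www-form-urlencoded body into a flat dict."""
    return {k.lower(): v for k, v in parse_qsl(body, keep_blank_values=True)}


def classify_mac(mac: str) -> Optional[str]:
    """Return the virtualisation vendor for a MAC's OUI, or None if it is not a known VM prefix."""
    return VIRTUAL_OUIS.get(mac[:8].upper())


def extract_fingerprint(record: dict) -> Optional[Dict[str, str]]:
    """Return {mac, hostname, os} if the record is a POST carrying all three fields, else None."""
    if record.get("method", "").upper() != "POST":
        return None
    fields = parse_form_body(record.get("body", ""))
    found: Dict[str, str] = {}
    for key, aliases in FIELD_ALIASES.items():
        for name in aliases:
            if name in fields:
                found[key] = fields[name]
                break
    if len(found) != 3:
        return None
    # Require the values to look like what the beacon is supposed to carry, so an
    # ordinary form post that happens to reuse a parameter name is not flagged.
    if not MAC_RE.match(found["mac"]) or not OS_VERSION_RE.match(found["os"]):
        return None
    return found


def scan_log(text: str) -> List[dict]:
    """Scan JSON-lines proxy records and return one finding per fingerprint beacon."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        fp = extract_fingerprint(record)
        if fp is None:
            continue
        findings.append({
            "src": record.get("src"),
            "host": record.get("host"),
            "path": record.get("path"),
            **fp,
            "vm_vendor": classify_mac(fp["mac"]),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        where = f"VM ({f['vm_vendor']})" if f["vm_vendor"] else "physical host"
        print(f"{f['src']} -> {f['host']}{f['path']}: {f['hostname']} / {f['os']} / {f['mac']} [{where}]")
```

In the constructed sample, the two `/api/v1/stat` posts are flagged while the ordinary login form is not; the first flagged host has a VMware OUI and is the kind of machine the operators would discard as a sandbox, the second looks like a real workstation. In practice you would feed this the decoded request bodies from your proxy or EDR telemetry rather than the inline sample.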
Strengthening AppleJeus Malware
Lazarus has used this family of malware before, and security companies are warning crypto traders to be more careful now than ever. The number of tricks the group employs keeps growing, and so does the number of malware variants.
Perhaps the worst part of this latest discovery is that the new malware is even stealthier than before.
History of Lazarus
The Lazarus hacking group is well known to the US government, which currently offers a bounty of up to $5 million for information that helps disrupt the digital bandits.
Lazarus is also tracked under the name 'ZINC.' The group first gained notoriety in the security world in 2017, when it launched a global ransomware outbreak that hit businesses around the world. It is also known for the major 2014 hack of Sony Pictures.
In the cryptocurrency world the group is best known for trojanized crypto wallets and trading apps.