Lazarus Hackers Now Use Fake Crypto Apps To Steal Assets

Digital Asset Thief Stealing Ethereum Token
Digital Asset Thief Stealing Ethereum Token
Digital Asset Thief Stealing Ethereum Token

North Korea has an aggressive hacking group called “Lazarus.”   If you’ve ever visited, you may know of them already. The group created the spoof site.  Now it appears Lazarus is creating more of the fake crypto apps to steal a variety of digital assets.

AppleJeus Malware Paired To Fake Crypto-Apps

Bleeping computer first reported the news last Saturday.  According to the computer security blog, the apps the group is spreading contain AppleJeus malware.  This damaging software steals information from unsuspecting users of these fake crypto-apps and even infected Microsoft Office documents.   

Once the info is stolen, it is used by Lazarus  to gain initial access to networks.  And once entry has been gained, the group wreaks havoc. The North Korean gang of hackers has used fake apps like BloxHolder to steal NFTs, crypto-coins, stablecoins, and more.


Volexity has been tracking activity of Lazarus and was first to report the BloxHolder website was an imposter.   The site was a copy of the layout of legitimate crypto trading software site, Haas Online.

Once users download the app from BloxHolder, an infected Microsoft Installation (MSI) file would install both the intended program and silently, the malicious AppleJeus malware.

The malicious files collect the MAC address, computer name, and OS version of computer user.  It then sends that information to the C2 (hackers) via a POST request.  This allows them to identify if a user’s computer is running on a virtual machine or sandbox.

Once they have that information, the damage is done.

Strengthening AppleJeus Malware

This type of malware has been used by the Lazarus hacking group before and computer security companies are warning crypto-traders to be even more aware today, than yesterday.  The numbers of tricks are increasing and the variants of such malware are rising.

And perhaps the worst part of this latest discovery, the new malware is even more stealthier than before.

History of Lazarus

The Lazarus Hacking Group is well known by the US government.  There’s currently a $5-Million-dollar bounty for anyone that presents information that can disrupt the digital bandits.

Lazarus is also known as ‘ZINC.’  The group first gained fame in the computer security world in 2017 when they launched a global ransomware that affected businesses across the world.  They are also known for a major hack that affected Sony Films.

In the cryptocurrency world the group is most known for creating crypto-wallets  and trading apps that are trojanized.

Please follow and like us: