AppleJeus is cross-platform malware developed by the Lazarus APT group. It was a targeted attack distributed by phishing email, posing as a cryptocurrency trading application.



The trading application has a hidden updater module that is installed and runs automatically after a system reboot. This component contacts its C&C and may upload or download additional files. The malware first collects basic information from the system, such as host name, OS version and OS kernel version, and sends the collected information to its C&C encrypted within a .gif file. To persist across system reboots, it creates the LaunchAgent "/Library/LaunchDaemons/com.celastradepro.plist", which starts the "updater" file:
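A triage check for the persistence mechanism described above, written as an added example (not code from the page or from any vendor report): it parses launch plists and flags the label the page names, or any RunAtLoad job whose program is simply called "updater". The program path in the constructed sample is a placeholder; the page gives no path for the updater binary.

```python
import plistlib
from pathlib import Path

# Indicator taken from the page: the label of the persistence plist.
KNOWN_LABELS = {"com.celastradepro"}
# Name of the executable the page says the plist starts.
SUSPICIOUS_BASENAMES = {"updater"}


def analyze_plist(data: bytes) -> list:
    """Return reasons a launchd plist looks like AppleJeus persistence ([] if clean)."""
    try:
        plist = plistlib.loads(data)  # handles both XML and binary plists
    except Exception:
        return ["unparseable plist"]
    reasons = []
    label = str(plist.get("Label", ""))
    if label in KNOWN_LABELS:
        reasons.append(f"known label {label}")
    # launchd accepts either Program or ProgramArguments[0] as the executable.
    args = plist.get("ProgramArguments") or []
    program = str(plist.get("Program") or (args[0] if args else ""))
    if Path(program).name in SUSPICIOUS_BASENAMES and plist.get("RunAtLoad"):
        reasons.append(f"RunAtLoad job executes {Path(program).name!r}")
    return reasons


def scan_directory(directory: str) -> dict:
    """Map plist file names to findings for every *.plist in a launchd directory."""
    hits = {}
    for path in Path(directory).glob("*.plist"):
        reasons = analyze_plist(path.read_bytes())
        if reasons:
            hits[path.name] = reasons
    return hits


# Constructed sample plists for offline testing (not taken from the page).
SAMPLE_MALICIOUS = plistlib.dumps({
    "Label": "com.celastradepro",
    "ProgramArguments": ["/PLACEHOLDER_PATH/updater"],  # placeholder path
    "RunAtLoad": True,
})
SAMPLE_BENIGN = plistlib.dumps({
    "Label": "com.example.timesync",
    "ProgramArguments": ["/usr/bin/true"],
    "RunAtLoad": True,
})

if __name__ == "__main__":
    print(analyze_plist(SAMPLE_MALICIOUS))   # both indicators fire
    print(scan_directory("/Library/LaunchDaemons"))  # live check on a Mac
```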


Links:


Samples:
8069b2a09aee5a387a731fe072428839ba5db11d