The Cybersecurity and Infrastructure Security Agency (CISA), Department of the Treasury (DOT) and the FBI have released a joint advisory about the AppleJeus malware and other indicators of compromise that North Korea-backed threat actors use to perform cryptocurrency theft.
The joint advisory released Wednesday provides technical details about seven versions of AppleJeus malware that Hidden Cobra actors have been using since 2018: Celas Trade Pro; JMT Trading; Union Crypto; Kupay Wallet; CoinGoTrade; Dorusio; and Ants2Whale.
“Initially, HIDDEN COBRA actors used websites that appeared to host legitimate cryptocurrency trading platforms to infect victims with AppleJeus; however, these actors are now also using other initial infection vectors, such as phishing, social networking, and social engineering techniques, to get users to download the malware,” the notice reads.
Threat actors are using AppleJeus to infect networks of institutions within government, energy, technology, finance and telecommunications sectors, according to the advisory.
CISA, Treasury and the FBI have called on organizations infected with the malware to initiate an incident response plan, implement two-factor authentication, use hardware wallets, remove affected hosts from their networks and install host-based intrusion detection software, among other mitigation measures.