AppleJeus

AppleJeus Description

AppleJeus is a Trojan downloader that facilitates backdoor attacks by downloading other threats and, possibly, additional commands. Its distribution relies on fake company identities and the financial software those companies supposedly publish to infect victims' systems. As a safeguard, users should research a company before downloading its products and use compatible anti-malware products to delete AppleJeus when it's detected.

Trading Your Security Away with Crypto-Trading Software

The Lazarus Group, a collection of infrastructure- and technique-sharing hacker entities based in North Korea, is best known for its espionage-related antics. It also compromises targets for profit as a 'side gig.' The compromise of a cryptocurrency exchange in 2018 is especially insightful: it grants crucial details on how the Lazarus Group operates and exposes a newfound macOS threat. Since the Lazarus Group ordinarily uses Windows-native Trojans and related hacking tools, AppleJeus represents a bite of an entirely different apple.

AppleJeus's distribution model is, as usual, the most exciting portion of its campaign, rather than its payload and features. The Lazarus Group established a shell company on a domain paid for in cryptocurrency, complete with believable, falsified identity information and credentials such as digital signatures. The 'company,' Celas Limited, offered downloads of a Celas Trade Pro application, a cryptocurrency-trading program for Windows and macOS.

Both versions of the software use a corrupted updater component; in the macOS case, that component is AppleJeus. The victims acquire a totally believable trading application but also open up their systems to AppleJeus's commands and payloads, which, to date, include FALLCHILL. FALLCHILL is a backdoor Trojan that can control memory processes, execute commands, collect data, wipe files, remove itself, and perform other operations that malware experts associate with high-level threats with an espionage focus.

The New Crop from the Trojan Tree

To the surprise of no one in the cyber-security industry, the Lazarus Group remains highly active in 2019. A deep code dive into one of their currently-in-circulation Trojans shows that AppleJeus might be alive and receiving updates. A new shell company, JMT Trading, is offering similarly threatening financial software with techniques almost identical to those of the old AppleJeus attacks. However, this macOS program includes support for acting on C&C-transmitted commands and can function as a backdoor all by itself, which may make the new version of AppleJeus a 'cross-genre' Trojan.

Average workers can't regularly undertake investigations into company addresses and transactional histories, which would reveal the fraud involved in these tactics. However, they can avoid downloading unknown software that lacks good reviews from third parties and stay with download resources that they know uphold bare-minimum security standards. They also should be wary of installers asking for admin privileges, as AppleJeus does, since this is a common sign of a disguised Trojan's installation.

Outdated security solutions struggle with flagging this Trojan. Always let your anti-malware services install their most recent database updates so that detecting and removing AppleJeus and other current threats becomes trivially easy.

This baby's first step into macOS hacking is a frighteningly large one. The psychological components of the AppleJeus campaign are at least as potent as its programming, which remains threatening to any company that gets itself infected.


Posted: December 10, 2019
