AppleJeus is a cryptocurrency-stealing trojan. It is distributed as legitimate-looking crypto trading apps. It hijacks transactions and it may install a backdoor that can execute malware and steal files. AppleJeus is dangerous to businesses, organizations, and individual Mac and PC users. This trojan is operated by the Lazarus Group, a North Korea-sponsored malicious actor.
AppleJeus in short:
- Type of threat: Trojan.
- Problems caused by the trojan: it steals cryptocurrency and logs user information that can be used to hack accounts.
- How AppleJeus spreads: it is shared in new cryptocurrency trading apps; these apps download AppleJeus and other malware as updates.
- How to delete AppleJeus and other malware: don’t install unknown cryptocurrency trading apps; reset your passwords.
How AppleJeus works
AppleJeus malware is being used by the North Korean malware group Lazarus to steal money from individual users and from businesses. It does this by stealing wallet credentials, transferring cryptocurrency, or hijacking transactions and redirecting money to addresses controlled by cybercriminals. It has even infected some cryptocurrency exchanges by tricking employees with phishing emails.
Despite its name, AppleJeus attacks both Macs and Windows PCs. It has been around since 2018 and has attacked targets in countries all over the globe.
AppleJeus infects fake trading apps
Legitimate applications for trading cryptocurrencies are taken by the cybercriminals, infected with AppleJeus, given new branding, and promoted to trick people into downloading and installing them.
According to the United States’ CISA (AppleJeus: Analysis of North Korea’s Cryptocurrency Malware), these are the names of the crypto trading apps that spread the AppleJeus trojan:
- Celas Trade Pro
- JMT Trading
- Kupay Wallet
- Union Crypto
The AppleJeus-infected apps are shared online, meant to be downloaded and installed by the victims who would believe them to be safe. For instance, AppleJeus-infected apps are uploaded on shady websites available to download for free. They are also promoted in phishing emails and social media posts, presented in a very professional way as cool new applications for trading popular cryptocurrencies.
The installers for these apps might not be infected with malware. Instead, the first update downloads AppleJeus and other infections.
It steals money and information
The AppleJeus trojan steals money in cryptocurrency. There’s not much that a victim of such malware can do to get their money back, because cryptocurrency transactions have no chargebacks and are rarely insured.
AppleJeus might not be the only threat that is installed by the malicious apps. A backdoor (FallChill) comes with it, allowing cybercriminals to upload, download, and delete files and to execute scripts and programs.
Backdoors can be used to install new malware. They can also be used to steal information, such as usernames, passwords, and private keys. These credentials can be used to hack accounts.
How to protect yourself from AppleJeus
AppleJeus is not the only crypto stealing trojan out there. There’s also Gmera, a cryptocurrency stealer that spreads disguised as legitimate apps and infects Macs (it even has an M1 native version). Another example is ClipBanker, a trojan that targets Windows PCs and replaces cryptocurrency addresses in the clipboard, redirecting money to wallets that belong to cybercriminals.
To avoid banking trojans and similar malware, it is best to use only reputable crypto trading applications and only download them from official websites. Don’t install unknown programs, and definitely don’t reveal your credentials to them.
Another important thing is to protect your computer with a real-time antivirus program and always keep it turned on. The AppleJeus-infected apps were clean and would only download the trojan as an update, so the installer might not initially get flagged as malicious. Real-time security tools should recognize the malicious behavior that follows.
How to find and delete AppleJeus malware
The programs infected with AppleJeus aren’t necessarily malicious. They can be uninstalled normally.
But the AppleJeus trojan and other malware can’t be removed so easily. You can scan your computer with antivirus software (Spyhunter for Windows, Spyhunter for Mac or Combo Cleaner for Mac, etc.). Antivirus tools flag AppleJeus under names such as Trojan, Malware, and NukeSped (see Virustotal.com). It might also be wise to reset your personal computer in addition to performing antivirus scans.
It is also necessary to change your passwords and crypto wallet keys, and to make sure that you use multi-factor authentication to protect your accounts, so that stolen credentials cannot be used.
How to uninstall unwanted apps
How to remove AppleJeus Trojan using Windows Control Panel
Many hijackers and adware like AppleJeus Trojan install some of their components as regular Windows programs as well as additional software. This part of the malware can be uninstalled from the Control Panel. To access it, do the following.
- Start→Control Panel (older Windows) or press Windows Key→Search and enter Control Panel and then press Enter (Windows 8, Windows 10).
- Choose Uninstall Program (if you don't see it, click in the upper right next to "View by" and select Category).
- Go through the list of programs and select entries related to AppleJeus Trojan. You can click on "Name" or "Installed On" to reorder your programs and make AppleJeus Trojan easier to find.
- Click the Uninstall button. If you're asked if you really want to remove the program, click Yes.
- In many cases anti-malware programs are better at detecting related parasites, thus I recommend installing Spyhunter to identify other programs that might be a part of this infection.
How to remove AppleJeus Trojan from macOS
Delete AppleJeus Trojan from your applications.
- Open Finder.
- In the menu bar, click Go.
- Select Applications from the dropdown.
- Find the AppleJeus Trojan app.
- Select it and right-click it (or hold Ctrl and click the left mouse button).
- In the dropdown, click Move to Bin/Trash. You might be asked to provide your login password.
(Optional) Delete related settings
Some malicious apps make themselves difficult to delete by changing various settings and leaving behind malicious files. Remove settings related to AppleJeus Trojan.
- Click the Apple logo in the menu bar. Open System Preferences.
- Some malicious applications set profiles to enforce unwanted settings. Remove unwanted configuration profiles:
  - In System Preferences, click the Profiles icon. This icon is only visible if there are profiles on your Mac.
  - Select unwanted profiles and remove them by pressing the minus '-' button at the bottom.
- Some adware applications set a SOCKS proxy to manipulate your internet traffic. Remove unwanted proxies:
  - In System Preferences, click Network, Advanced, Proxies.
  - If a proxy is set without your permission, uncheck it and click OK.
(Optional) Delete malicious files
Some malicious apps leave behind dangerous files in your Library folders. Delete files related to AppleJeus Trojan.
- Open Finder.
- In the menu bar, click Go -> Computer.
- In the search box, type in AppleJeus Trojan and variations of it.
- Delete the files that are found and that seem to be related to AppleJeus Trojan.
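The two optional checks above (an unwanted SOCKS proxy, and leftover files under the Library folders) can also be done from the Terminal. The script below is an added example, not code from the original article or from any vendor it mentions: it parses the output of the real macOS `networksetup -getsocksfirewallproxy` command to report whether a proxy is switched on, and lists Library entries whose names match a pattern so they can be reviewed before anything is deleted. The script name, the `--run` flag and the sample data used in the test are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original article. It scripts the two optional
# macOS clean-up checks described above: is a SOCKS proxy switched on, and which
# entries under the Library folders carry a suspicious name. networksetup and find
# are real macOS commands; the script name and --run flag are assumptions for this
# example. Nothing is deleted: findings are listed for review.

# socks_proxy_enabled: read `networksetup -getsocksfirewallproxy <service>` output
# on stdin; return 0 (and print server:port) when the proxy is enabled, 1 otherwise.
socks_proxy_enabled() {
    awk '
        /^Enabled:/ { enabled = ($2 == "Yes") }
        /^Server:/  { server = $2 }
        /^Port:/    { port = $2 }
        END {
            if (enabled) { printf "SOCKS proxy enabled -> %s:%s\n", server, port; exit 0 }
            exit 1
        }'
}

# check_live_socks_proxy: on a real Mac, query every network service (including
# disabled ones, which networksetup marks with a leading asterisk).
check_live_socks_proxy() {
    if ! command -v networksetup >/dev/null 2>&1; then
        echo "networksetup not found: not running on macOS" >&2
        return 2
    fi
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while read -r service; do
        networksetup -getsocksfirewallproxy "$service" | socks_proxy_enabled &&
            echo "  on service: $service"
    done
}

# find_related_files PATTERN DIR...: list entries under each DIR whose name contains
# PATTERN (case-insensitive), e.g. the app name and its variations, for review.
find_related_files() {
    pattern=$1
    shift
    find "$@" -iname "*${pattern}*" 2>/dev/null | sort
}

# Usage on a Mac: sh applejeus_check.sh --run
if [ "${1-}" = "--run" ]; then
    check_live_socks_proxy
    echo "Library entries matching 'AppleJeus' (review before deleting):"
    find_related_files "AppleJeus" "$HOME/Library" /Library
fi
```

Run it with `--run` on the affected Mac; repeat `find_related_files` with the other names the trojan's apps use (for example the trading-app names listed earlier) and inspect each hit before moving it to the Trash, since a broad name match can also catch legitimate files.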