Fake Windows Crypto Apps Spreading AppleJeus Malware

Further probe revealed that in June 2022, the threat actors registered a domain name (bloxholdercom which was live at the time of writing) and configured it for hosting a website related to automated cryptocurrency trading. Detailed AnalysisVolexity researchers noted that the Lazarus hacker group was installing AppleJeus malware through malicious MS Office documents titled OKX Binance & Huobi VIP fee comparision.xls in the place of an MSI installer. Campaign AnalysisAccording to researchers, the notorious Lazarus hacking group uses a fake trading website and DLL Side-loading to distribute the malware.