₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware
ID: 55db9864-5352-552a-9aed-25842301bc0f
STIX ID: report--55db9864-5352-552a-9aed-25842301bc0f
Feed Name: Volexity Blog
Volexity documents a June–October 2022 Lazarus Group campaign that targeted cryptocurrency users by distributing backdoored cryptocurrency applications (MSI installers) and malicious Microsoft Office documents, both of which deploy AppleJeus variants. Notable findings include a cloned cryptocurrency website (bloxholder.com), a novel chained DLL side-loading technique in which a legitimate system DLL loads the attacker's DLL, obfuscated AppleJeus variants, C2 hostnames and numerous file IOCs, plus recommended detections and mitigations.
