Ants2whale

Malware updated 5 months ago (2024-05-04T21:19:17.574Z)
Ants2Whale is malware identified as the seventh version of AppleJeus, a notorious family of North Korean malware targeting cryptocurrency operations. First discovered in late 2020, Ants2Whale operates similarly to its predecessors: its main function is to give the attackers a backdoor into victims' computers. It is installed at /Applications/Ants2whale.app/Contents/MacOS/Ants2whale on the targeted system and can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or even hold data hostage for ransom.

The website for this version of AppleJeus, ants2whale[.]com, requires users interested in downloading the Ants2Whale application to contact the administrator, and advertises the product as a "premium package." This method of operation aligns with the broader strategy of the North Korean hackers, known as HIDDEN COBRA by the U.S. government, who developed multiple malicious cryptocurrency applications from March 2018 through at least September 2020. These applications, including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale, all serve the same purpose: to exploit and damage computer systems, particularly those involved in cryptocurrency transactions.

In-depth analysis and indicators of compromise for the AppleJeus family of malware, including Ants2Whale, can be found in the joint cybersecurity analysis and in Malware Analysis Report (MAR) MAR-10322463-7.v1, available at US-CERT's website. These reports highlight the significant cyber threat that North Korea poses to the world of cryptocurrency. Individuals and organizations are urged to exercise caution when dealing with suspicious downloads or websites, and to maintain up-to-date cybersecurity measures to protect against such threats.
Description last updated: 2024-05-04T21:05:17.109Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Ants2whale Malware was read from the documents corpus below.