Ants2whale

Malware Profile Updated 3 months ago
Ants2Whale is malware identified as the seventh version of AppleJeus, a notorious family of North Korean malware targeting cryptocurrency operations. First discovered in late 2020, Ants2Whale operates much like its predecessors: its main function is to give the attackers a backdoor into victims' computers. It is installed at /Applications/Ants2whale.app/Contents/MacOS/Ants2whale on the targeted system and can reach a system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or even hold data hostage for ransom.

The website for this version of AppleJeus, ants2whale[.]com, requires users interested in downloading the Ants2Whale application to contact the administrator, and advertises the product as a "premium package." This method of operation aligns with the broader strategy of the North Korean hackers, known to the U.S. government as HIDDEN COBRA, who developed multiple malicious cryptocurrency applications from March 2018 through at least September 2020. These applications (Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale) all serve the same purpose: to exploit and damage computer systems, particularly those involved in cryptocurrency transactions.

In-depth analysis and indicators of compromise for the AppleJeus family, including Ants2Whale, can be found in the joint cybersecurity analysis and the Malware Analysis Report (MAR) MAR-10322463-7.v1 available on US-CERT's website. These reports highlight the significant cyber threat that North Korea poses to the cryptocurrency sector. Individuals and organizations are therefore urged to exercise caution when dealing with suspicious downloads or websites, and to maintain up-to-date cybersecurity measures to protect against such threats.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
AppleJeus | 1 | AppleJeus is a notorious malware attributed to the North Korean APT Lazarus Group, designed primarily to steal cryptocurrency. This malicious software has been a key instrument in North Korea's financial theft operations, with threat groups pilfering $2.3 billion USD worth of crypto assets between M
HIDDEN COBRA | 1 | Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a
Kupay Wallet | 1 | Kupay Wallet is a malicious software (malware) identified as part of the AppleJeus Version 4 malware family, developed and deployed by North Korean hackers, referred to by the U.S. government as HIDDEN COBRA. The malware was developed between March 2018 and September 2020, alongside other malicious
Cryptoneuro Trader | 1 | CryptoNeuro Trader is a malicious software (malware) that has been used to target and exploit hundreds of cryptocurrency companies, leading to the theft of tens of millions of dollars' worth of cryptocurrency. Notable incidents include the theft of $75 million from a Slovenian company in December 20
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Korean
Backdoor
T1583.001
Malware
T1587.001
Celas Trade ...
Bot
Associated Malware
ID | Type | Votes | Profile Description
Mars | Unspecified | 1 | Mars is a malicious software (malware) that has been discovered by Trend Micro's Mobile Application Reputation Service (MARS) team. This malware is particularly damaging as it involves two new Android malware families related to cryptocurrency mining and financially-motivated scam campaigns, targeti
Ants2whalehelper | Unspecified | 1 | Ants2whalehelper is a potent malware that infiltrates systems, causing significant harm and disruption. It operates by installing itself in the /Library/Application Support/Ants2WhaleSupport/ folder of the targeted system, often without the user's knowledge or explicit consent. This malicious softwa
Dorusio | Unspecified | 1 | Dorusio is a malware application that is part of the "AppleJeus" family, a group of malicious cryptocurrency applications developed by North Korean hackers, also known as HIDDEN COBRA. The Dorusio program, which mimics an open-source cryptocurrency wallet application, was developed alongside other m
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Ants2whale malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Three North Korean Military Hackers Indicted in Wide-Ranging Scheme
MITRE | a year ago | AppleJeus: Analysis of North Korea's Cryptocurrency Malware | CISA