Celas Trade Pro

Software updated 7 months ago (2024-05-04T21:05:24.558Z)

Download STIX

Preview STIX

Celas Trade Pro is a malicious software application posing as a cryptocurrency trading platform. It was developed by North Korean hackers, referred to as HIDDEN COBRA by the U.S. government, as part of a series of deceptive applications collectively known as the "AppleJeus" family of malware. These applications, including Celas Trade Pro, WorldBit-Bot, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale, were developed and deployed from March 2018 through at least September 2020. The purpose of these apps was to provide backdoor access into the victims' computers, posing a significant cyber threat, particularly to the cryptocurrency sector. The Celas Trade Pro application is a modified version of the benign Q.T. Bitcoin Trader application. Available as an MSI Installer for Windows, it contained FALLCHILL as its final payload, a sophisticated piece of malware used for remote control over infected systems. The detailed analysis of this malicious program can be found in the MAR-10322463-1.v1 report published on the US-CERT website. Links between Celas Trade Pro and similar behaving infrastructure, such as TraderTraitor and other AppleJeus family members, have been noted by cybersecurity experts. This interconnectedness allows for trivial pivots among these infrastructures, further extending the potential reach and impact of these malicious applications. Public advisories and analysis reports related to these threats are available on the CISA website and GitHub.

Description last updated: 2024-05-04T21:05:24.531Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
AppleJeus is a possible alias for Celas Trade Pro. AppleJeus is a malware attributed with medium confidence to the North Korea-linked APT group "Gleaming Pisces," also known as Citrine Sleet, by researchers at Palo Alto's Unit 42. The group has been notorious for distributing versions of AppleJeus malware disguised as legitimate cryptocurrency tradi	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Celas Trade Pro Software was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
MITRE	2 years ago	AppleJeus: Analysis of North Korea’s Cryptocurrency Malware \| CISA
MITRE	2 years ago	Three North Korean Military Hackers Indicted in Wide-Ranging Scheme
CERT-EU	a year ago	JumpCloud Intrusion \| Attacker Infrastructure Links Compromise to North Korean APT Activity