Kupay Wallet

Malware updated 23 days ago (2024-11-29T13:39:11.303Z)
Download STIX
Preview STIX
Kupay Wallet is a form of malware, specifically part of the "AppleJeus" family of malicious cryptocurrency applications. This family, which includes Kupay Wallet among other programs like Celas Trade Pro, WorldBit-Bot, Union Crypto Trader, CoinGoTrade, Dorusio, CryptoNeuro Trader, and Ants2Whale, has been developed and deployed by North Korean hackers from March 2018 through at least September 2020. These applications provide backdoor access to victims' computers, posing a significant cyber threat especially to the cryptocurrency sector. The Cybersecurity and Infrastructure Security Agency (CISA) reported on an attack wave involving Kupay Wallet in 2021 as part of the broader AppleJeus campaign. The payloads of Kupay Wallet are likely similar in functionality to those from CoinGoTrade and Union Crypto for macOS X stage 2, or Windows stage 2. CISA identified the earliest sample of PondRAT as part of a cryptocurrency-themed Kupay Wallet macOS malware package during this campaign. Interestingly, there appear to be installation conflicts when users attempt to install multiple applications from the AppleJeus family on the same system. For instance, if Kupay Wallet is already installed and the user tries to install CoinGoTrade or Dorusio, they will encounter issues. Similarly, if Dorusio or CoinGoTrade are already installed, attempts to install Kupay Wallet will result in conflicts. Despite some cosmetic differences, such as the Dorusio logo and two new services, the wallet appears to be largely identical to the Kupay Wallet.
Description last updated: 2024-09-19T02:16:31.483Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
AppleJeus is a possible alias for Kupay Wallet. AppleJeus is a malware attributed with medium confidence to the North Korea-linked APT group "Gleaming Pisces," also known as Citrine Sleet, by researchers at Palo Alto's Unit 42. The group has been notorious for distributing versions of AppleJeus malware disguised as legitimate cryptocurrency tradi
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Macos
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Kupay Wallet Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more