Kupay Wallet

Malware updated 2 months ago (2024-09-19T02:17:43.902Z)

Download STIX

Preview STIX

Kupay Wallet is a form of malware, specifically part of the "AppleJeus" family of malicious cryptocurrency applications. This family, which includes Kupay Wallet among other programs like Celas Trade Pro, WorldBit-Bot, Union Crypto Trader, CoinGoTrade, Dorusio, CryptoNeuro Trader, and Ants2Whale, has been developed and deployed by North Korean hackers from March 2018 through at least September 2020. These applications provide backdoor access to victims' computers, posing a significant cyber threat especially to the cryptocurrency sector. The Cybersecurity and Infrastructure Security Agency (CISA) reported on an attack wave involving Kupay Wallet in 2021 as part of the broader AppleJeus campaign. The payloads of Kupay Wallet are likely similar in functionality to those from CoinGoTrade and Union Crypto for macOS X stage 2, or Windows stage 2. CISA identified the earliest sample of PondRAT as part of a cryptocurrency-themed Kupay Wallet macOS malware package during this campaign. Interestingly, there appear to be installation conflicts when users attempt to install multiple applications from the AppleJeus family on the same system. For instance, if Kupay Wallet is already installed and the user tries to install CoinGoTrade or Dorusio, they will encounter issues. Similarly, if Dorusio or CoinGoTrade are already installed, attempts to install Kupay Wallet will result in conflicts. Despite some cosmetic differences, such as the Dorusio logo and two new services, the wallet appears to be largely identical to the Kupay Wallet.

Description last updated: 2024-09-19T02:16:31.483Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
AppleJeus is a possible alias for Kupay Wallet. AppleJeus is a malware attributed with medium confidence to the North Korea-linked APT group "Gleaming Pisces," also known as Citrine Sleet, by researchers at Palo Alto's Unit 42. The group has been notorious for distributing versions of AppleJeus malware disguised as legitimate cryptocurrency tradi	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Macos

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Kupay Wallet Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Unit42	2 months ago	Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
Unit42	2 months ago	Threat Assessment: North Korean Threat Groups
MITRE	2 years ago	Three North Korean Military Hackers Indicted in Wide-Ranging Scheme
MITRE	2 years ago	AppleJeus: Analysis of North Korea’s Cryptocurrency Malware \| CISA