FBI, CISA, and Treasury assessed that North Korean state-sponsored Lazarus Group/HIDDEN COBRA actors used AppleJeus malware to target cryptocurrency exchanges, financial services firms, and related organizations for theft. The advisory says the operators have posed as legitimate cryptocurrency trading platforms since at least 2018, using trojanized Windows and macOS applications delivered through lookalike websites, phishing, social networking, and social engineering. It lists multiple AppleJeus variants, including Celas Trade Pro, JMT Trading, Union Crypto, Kupay Wallet, CoinGoTrade, Dorusio, and Ants2Whale, and reports targeting across more than 30 countries and sectors such as finance, technology, government, energy, and telecommunications. The activity matters because the modified trading applications provide access to cryptocurrency transaction environments and support North Korea’s broader sanctions-evasion and theft operations.