
Lazarus Targets Developers with New Exploits
North Korean hackers from the notorious Lazarus Group have infiltrated the npm ecosystem with six new malicious packages designed to steal cryptocurrencies. Socket's research team identified the packages, which have been downloaded over 330 times and pose a significant threat to developers who may have unknowingly integrated them into their projects.
The Lazarus Group used typosquatting: it gave the packages names that closely resemble legitimate libraries, increasing the likelihood that a developer installs a malicious package by mistake. The group also maintained GitHub repositories for five of these packages, lending an appearance of legitimacy to the malicious code.
Upon installation, these malicious packages execute the BeaverTail malware, which is designed to steal credentials, extract cryptocurrency data, and deploy backdoors in order to compromise the security of developer environments and any projects that incorporate the affected packages.