North Korean Lazarus hackers infect hundreds via npm packages
Published on: 2025-06-22 08:42:19
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus.
The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information.
The Socket Research Team discovered the campaign and linked it to previously known Lazarus supply chain operations.
The threat group is known for pushing malicious packages into software registries like npm, which is used by millions of JavaScript developers, and compromising systems passively.
Similar campaigns attributed to the same threat actors have been spotted on GitHub and the Python Package Index (PyPI).
This tactic often allows them to gain initial access to valuable networks and conduct massive record-breaking attacks, like the recent $1.5 billion crypto heist from the Bybit exchange.
The six Lazarus packages discovered in npm all employ typosquatting t