CyberSecurity news
FlagThis
@The DefendOps Diaries
//
The Lazarus Group, a North Korean APT, is actively targeting developers through the npm ecosystem by publishing malicious packages. These packages are designed to compromise developer environments, steal credentials, extract cryptocurrency data, and deploy backdoors. The attackers use typosquatting, mimicking legitimate library names to deceive developers into downloading the compromised versions. The packages contain BeaverTail malware and the InvisibleFerret backdoor and exhibit identical obfuscation techniques, cross-platform targeting, and command-and-control mechanisms consistent with previous Lazarus campaigns.
Six malicious npm packages have been identified, including postcss-optimizer, is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, and react-event-dependency. These packages have been collectively downloaded over 330 times and contain the BeaverTail malware, which functions as both an infostealer and a loader designed to steal login credentials, exfiltrate sensitive data, and deploy backdoors in compromised systems. The Lazarus Group also maintained GitHub repositories for five of the malicious packages, lending an appearance of open source legitimacy.
ImgSrc: thedefendopsdia
References :
Six malicious npm packages have been identified, including postcss-optimizer, is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, and react-event-dependency. These packages have been collectively downloaded over 330 times and contain the BeaverTail malware, which functions as both an infostealer and a loader designed to steal login credentials, exfiltrate sensitive data, and deploy backdoors in compromised systems. The Lazarus Group also maintained GitHub repositories for five of the malicious packages, lending an appearance of open source legitimacy.
ImgSrc: thedefendopsdia
Share:
References :
- The DefendOps Diaries: Lazarus Group's Latest Supply Chain Attacks on Developers
- BleepingComputer: North Korean Lazarus hackers infect hundreds via npm packages
- bsky.app: Reports on the six malicious npm packages linked to the Lazarus Group.
- The Hacker News: The Lazarus Group, a North Korean APT, is actively targeting the npm ecosystem by publishing malicious packages that closely mimic legitimate libraries, deceiving developers into incorporating harmful code into their projects.
- socket.dev: North Korea’s Lazarus Group continues to infiltrate the npm ecosystem, deploying six new malicious packages designed to compromise developer environments, steal credentials, extract cryptocurrency data, and deploy a backdoor.
Classification:
- HashTags: #supplychain #malware #npm
- Company: npm
- Target: Developers
- Attacker: Lazarus
- Product: npm packages
- Feature: supply chain compromise
- Malware: BeaverTail
- Type: Malware
- Severity: Major