CyberSecurity news
SC Staff@scmagazine.com
The Lazarus Group, a North Korean APT, is actively targeting developers through the npm ecosystem by publishing malicious packages. These packages are designed to compromise developer environments, steal credentials, extract cryptocurrency data, and deploy backdoors. The attackers use typosquatting, mimicking legitimate library names to deceive developers into downloading the compromised versions. The packages contain BeaverTail malware and the InvisibleFerret backdoor and exhibit identical obfuscation techniques, cross-platform targeting, and command-and-control mechanisms consistent with previous Lazarus campaigns.
Six malicious npm packages have been identified, including postcss-optimizer, is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, and react-event-dependency. These packages have been collectively downloaded over 330 times and contain the BeaverTail malware, which functions as both an infostealer and a loader designed to steal login credentials, exfiltrate sensitive data, and deploy backdoors in compromised systems. The Lazarus Group also maintained GitHub repositories for five of the malicious packages, lending an appearance of open source legitimacy.
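As an added defender-side example (not code from the article or from any of the cited sources), the script below triages a parsed package.json against the six reported package names and flags dependency names that imitate well-known packages, either by a small edit distance (a typo) or by appending a suffix to a legitimate name. The WELL_KNOWN list, the sample manifest and the helper names are assumptions constructed for illustration.

```javascript
// Added example (not from the article): triage a package.json for the six package
// names reported above and for names that imitate well-known packages. The
// WELL_KNOWN list and the sample manifest are assumptions constructed here.
const REPORTED_MALICIOUS = new Set([
  "postcss-optimizer", "is-buffer-validator", "yoojae-validator",
  "event-handle-package", "array-empty-validator", "react-event-dependency",
]);
// Assumed set of legitimate names a squatter would imitate (illustrative only).
const WELL_KNOWN = ["postcss", "is-buffer", "validator", "react", "lodash"];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return row[b.length];
}

// Verdict for one name: exact IoC match, near-miss of a well-known name (typo),
// well-known name used as a prefix with an added suffix, or nothing to report.
function classify(name) {
  if (REPORTED_MALICIOUS.has(name)) return "known-malicious";
  if (WELL_KNOWN.includes(name)) return "ok";
  for (const known of WELL_KNOWN) {
    if (editDistance(name, known) <= 2) return "typo-of:" + known;
    if (name.startsWith(known + "-")) return "suffix-of:" + known;
  }
  return "ok";
}

// Walk dependencies and devDependencies of a parsed package.json and return only
// the entries that need a human look; heuristic hits are for triage, not proof.
function auditManifest(manifest) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const name of Object.keys(manifest[field] || {})) {
      const verdict = classify(name);
      if (verdict !== "ok") findings.push({ name, verdict });
    }
  }
  return findings;
}

// Constructed sample manifest for demonstration.
const SAMPLE = { dependencies: { react: "^18.2.0", "is-buffer-validator": "1.0.0", lodahs: "4.0.0" },
                 devDependencies: { "postcss-optimizer": "0.1.0" } };
console.log(auditManifest(SAMPLE));
```

The suffix rule also flags legitimate names such as postcss-loader, so its output is a review queue rather than a block list.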
References:
- The DefendOps Diaries: Lazarus Group's Latest Supply Chain Attacks on Developers
- BleepingComputer: North Korean Lazarus hackers infect hundreds via npm packages
- bsky.app: Reports on the six malicious npm packages linked to the Lazarus Group.
- The Hacker News: The Lazarus Group, a North Korean APT, is actively targeting the npm ecosystem by publishing malicious packages that closely mimic legitimate libraries, deceiving developers into incorporating harmful code into their projects.
- socket.dev: North Korea’s Lazarus Group continues to infiltrate the npm ecosystem, deploying six new malicious packages designed to compromise developer environments, steal credentials, extract cryptocurrency data, and deploy a backdoor.
- securityaffairs.com: Lazarus Strikes npm Again with New Wave of Malicious Packages
- hackread.com: Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack
- Threats | CyberScoop: Lazarus Group deceives developers with 6 new malicious npm packages
- www.scworld.com: Malware spread by Lazarus Group via counterfeit npm packages
- securityonline.info: Typosquatting & Backdoors: Lazarus’ Latest npm Campaign
- BleepingComputer: Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus.
- Security Risk Advisors: The Lazarus Group, North Korea’s notorious state-backed cyber threat actor, has infiltrated the npm ecosystem once again, deploying
- Security Risk Advisors: Lazarus Group Deploys Malicious npm Packages to Target Developers and Exfiltrate Data
- securityonline.info: The notorious North Korean threat actor Lazarus Group has been identified breaching Windows web servers to establish command-and-control.
- Datadog Security Labs: Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access