CyberSecurity news
FlagThis
Ddos@Daily CyberSecurity
//
North Korean Lazarus APT group has expanded its malicious activities within the npm ecosystem, deploying eleven new packages designed to deliver the BeaverTail malware and a new remote access trojan (RAT) loader. These malicious packages have been downloaded over 5,600 times before their removal, posing a significant risk to developer systems. The threat actors are utilizing previously identified aliases, as well as newly created accounts, to distribute these packages.
The campaign, dubbed "Contagious Interview," aims to compromise developer systems, steal sensitive credentials or financial assets, and maintain access to compromised environments. To evade detection, the attackers are employing hexadecimal string encoding and other obfuscation techniques. Some of the packages, such as "events-utils" and "icloud-cod," are linked to Bitbucket repositories, while others use command-and-control (C2) addresses previously associated with Lazarus Group campaigns, indicating the scale and coordination of this operation.
Cybersecurity researchers are urging developers to be vigilant and carefully review all dependencies before installing them. The North Korean threat actors continue to create new npm accounts and deploy malicious code across platforms like the npm registry, GitHub, and Bitbucket, demonstrating their persistence and showing no signs of slowing down. This campaign highlights the increasing sophistication of supply chain attacks and the need for robust security measures to protect against such threats.
ImgSrc: securityonline.
References :
The campaign, dubbed "Contagious Interview," aims to compromise developer systems, steal sensitive credentials or financial assets, and maintain access to compromised environments. To evade detection, the attackers are employing hexadecimal string encoding and other obfuscation techniques. Some of the packages, such as "events-utils" and "icloud-cod," are linked to Bitbucket repositories, while others use command-and-control (C2) addresses previously associated with Lazarus Group campaigns, indicating the scale and coordination of this operation.
Cybersecurity researchers are urging developers to be vigilant and carefully review all dependencies before installing them. The North Korean threat actors continue to create new npm accounts and deploy malicious code across platforms like the npm registry, GitHub, and Bitbucket, demonstrating their persistence and showing no signs of slowing down. This campaign highlights the increasing sophistication of supply chain attacks and the need for robust security measures to protect against such threats.
ImgSrc: securityonline.
Share:
References :
- Security Risk Advisors: Socket Research Team's report
- The Hacker News: North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
- ciso2ciso.com: North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages – Source:thehackernews.com
- Talkback Resources: North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages [net] [mal]
- securityonline.info: Lazarus Group Expands Malicious Campaign on npm, Targets Developers with New Malware
- securityonline.info: Lazarus Group Expands Malicious Campaign on npm, Targets Developers with New Malware
- www.scworld.com: Malicious npm packages, BeaverTail malware leveraged in new North Korean attacks
- Cyber Security News: North Korean cyber threat actors, Lazarus Group, have escalated their supply chain attack tactics by introducing a series of malicious npm (Node Package Manager) packages.
- cyberpress.org: North Korean cyber threat actors, Lazarus Group, have escalated their supply chain attack tactics by introducing a series of malicious npm (Node Package Manager) packages. Utilizing sophisticated hexadecimal encoding to camouflage their code and evade detection systems, the group aims to compromise developer systems, steal sensitive credentials, and maintain persistent access to targeted environments.
- Chris Wysopal: Infosec.Exchange post on new supply chain NPM package malware attacks found.
Classification:
- HashTags: #SupplyChain #Malware #NorthKorea
- Target: Developers
- Attacker: North Korean threat actors
- Product: npm packages
- Feature: malware distribution
- Malware: BeaverTail
- Type: Malware
- Severity: Major