CyberSecurity news

@socket.dev //
The North Korean state-sponsored hacking group Lazarus has been identified as the source of a sophisticated supply chain attack targeting software developers. The group published a malicious npm (Node Package Manager) package named "postcss-optimizer" to deliver malware. The package's name deceptively mimics the widely used postcss family of libraries. Security researchers at Socket discovered the malicious package and linked it directly to the Lazarus Group, noting code-level similarities to the group's previous campaigns. The "postcss-optimizer" package has been downloaded 477 times and serves as a vector for deploying the BeaverTail malware.

Once installed, BeaverTail functions as both an infostealer and a malware loader, and it is built to compromise Windows, macOS, and Linux systems. It targets browser cookies, saved credentials, and cryptocurrency wallet files, and exfiltrates the stolen data to a command-and-control server. It is also suspected of delivering secondary payloads such as InvisibleFerret, a known backdoor associated with Lazarus. The attackers published the package under the npm registry alias "yolorabbit" to further mislead developers into believing they were installing legitimate software.
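The defensive takeaway from this report is that a package borrowing a trusted name (here, "postcss-optimizer" next to "postcss") with very low adoption is worth a manual look before it is installed. The following is an added example, not code from the article or from Socket: a small dependency-review check that flags lookalike names and low download counts in a package.json object. The trusted list, the package.json fragment, and the download figures (other than the 477 downloads the article reports) are constructed for this example.

```javascript
// Added example (not code from the original article or from Socket):
// a dependency-review check for lookalike npm package names, using the
// article's "postcss-optimizer" vs. "postcss" case as sample input.
// The trusted list, the download counts and the package.json below are
// all constructed for this example.

// Packages the project is known to depend on legitimately (assumption).
const TRUSTED = new Set(['postcss', 'postcss-cli', 'autoprefixer', 'react', 'lodash']);

// Constructed package.json fragment; 'postcss-optimizer' is the name
// reported in the article, 'lodsh' is a made-up one-character typo.
const samplePackageJson = {
  dependencies: {
    postcss: '^8.4.0',
    'postcss-optimizer': '1.0.0',
    lodash: '^4.17.21',
    lodsh: '1.0.0',
  },
};

// Constructed download counts; 477 is the figure the article gives for
// postcss-optimizer, the other numbers are illustrative placeholders.
const sampleDownloads = {
  postcss: 50000000,
  'postcss-optimizer': 477,
  lodash: 40000000,
  lodsh: 12,
};

// Levenshtein edit distance between two strings (standard DP).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Flag dependencies that are not on the trusted list but either borrow a
// trusted name as a prefix/suffix ("postcss-optimizer") or sit within one
// edit of a trusted name ("lodsh"). Returns findings for human review.
function findLookalikes(deps, trusted = TRUSTED) {
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (trusted.has(name)) continue;
    for (const t of trusted) {
      let reason = null;
      if (name.startsWith(`${t}-`) || name.endsWith(`-${t}`)) {
        reason = 'borrows trusted name as prefix/suffix';
      } else if (editDistance(name, t) <= 1) {
        reason = 'within one edit of trusted name';
      }
      if (reason) {
        findings.push({ name, resembles: t, reason });
        break;
      }
    }
  }
  return findings;
}

// Flag dependencies whose adoption is far below what a widely used
// library would have; a low count is a prompt to inspect, not proof.
function findLowAdoption(deps, downloads, threshold = 1000) {
  return Object.keys(deps)
    .filter((name) => (downloads[name] ?? 0) < threshold)
    .map((name) => ({ name, downloads: downloads[name] ?? 0 }));
}

// Combine both checks into one review report for a package.json object.
function reviewDependencies(pkg, downloads, trusted = TRUSTED) {
  const deps = pkg.dependencies || {};
  return {
    lookalikes: findLookalikes(deps, trusted),
    lowAdoption: findLowAdoption(deps, downloads),
  };
}

// Run the review over the constructed sample and print the report.
const report = reviewDependencies(samplePackageJson, sampleDownloads);
console.log(JSON.stringify(report, null, 2));
```

Both checks are intentionally noisy: a legitimate "postcss-loader" would also be flagged until it is added to the trusted list, which is the point of a review gate rather than an automatic block. In practice the trusted list would come from an internal allowlist and the download counts from registry metadata rather than the constructed values above.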



References:
  • cyberpress.org: Lazarus Hackers Deploy Malicious NPM Packages on Software Developers Systems
  • gbhackers.com: Lazarus Group Drop Malicious NPM Packages in Developers Systems Remotely
  • socket.dev: Socket: This looks potentially related to SecurityScorecard's blog post about Lazarus Group (see parent toot above). A malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems. Socket researchers note that the package contains code linked to North Korean state-sponsored campaigns known as Contagious Interview. Indicators of compromise are shared. h/t:
  • Cyber Security News: In a detailed investigation by Socket security researchers, a new malicious npm package, "postcss-optimizer," has been linked to the notorious North Korean Advanced Persistent Threat (APT) group Lazarus.