Lazarus Group Plants Six Malicious Packages on npm Registry

2025-03-15
The Lazarus Group, a North Korea-linked hacking group, has planted six malicious npm packages containing BeaverTail malware. These packages, downloaded over 330 times, use typosquatting to mimic legitimate libraries and deceive developers. The malware installs backdoors, steals credentials, and targets cryptocurrency wallets (Solana and Exodus). Five of the malicious packages even had accompanying GitHub repositories, lending them an appearance of legitimacy. One package, 'is-buffer-validator', directly mirrors a legitimate package, highlighting Lazarus's awareness of previous research. This incident underscores the ongoing threat of software supply chain attacks and the sophistication of Lazarus's tactics, particularly in the wake of their recent record-breaking $1.46 billion cryptocurrency heist.
